| |
| |||||||
Log-Analyse und Auswertung: HiJackThis-Logfile - PC-ÜberprüfungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
31.07.2010, 18:49
| #1 |
| |  HiJackThis-Logfile - PC-Überprüfung Hallo, ich hatte ca. letzte Woche einen unschönen Malware-Angriff auf meinem PC. Ich habe nicht wirklich das Gefühl, dass alles sauber ist, deswegen wollte ich hier mal nachfragen, um zu gucken, ob noch was getan werden muss. Hier erstmal die Logfiles von AntiMalware von vor einer Woche: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4339
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
23.07.2010 00:33:23
mbam-log-2010-07-23 (00-33-23).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 128020
Laufzeit: 5 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iaxaippv (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\patchsetup70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Basti\AppData\Local\vfcktbbfq\fmkfsyhtssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9\patchsetup70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\jydtya.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Temp\ufgxxw.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4339
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
23.07.2010 10:46:18
mbam-log-2010-07-23 (10-46-18).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 419205
Laufzeit: 2 Stunde(n), 3 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CL5CHZ2A\patchsetup70700[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXP1CME0\aaidkfmhfa[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0HL3RZB\imhbjepxrz[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQY8C9DZ\bsvqbwql[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQY8C9DZ\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4373
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
31.07.2010 18:10:20
mbam-log-2010-07-31 (18-10-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 422021
Laufzeit: 1 Stunde(n), 38 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:20:14, on 31.07.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18470) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Users\***\Program Files (x86)\DNA\btdna.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe C:\hp\support\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Last.fm\LastFM.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\***\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Basti\Program Files (x86)\DNA\btdna.exe" O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe O4 - Global Startup: Philips SA30XX Device Manager.lnk = ? O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12334 bytes Code:
ATTFilter OTL logfile created on: 31.07.2010 19:28:40 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Basti\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 45,00% Memory free 12,00 Gb Paging File | 9,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,99 Gb Total Space | 500,61 Gb Free Space | 54,59% Space Free | Partition Type: NTFS Drive D: | 14,52 Gb Total Space | 1,99 Gb Free Space | 13,74% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BASTI-PC Current User Name: Basti Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Basti\Downloads\HiJackThis204.exe (Trend Micro Inc.) PRC - C:\Users\Basti\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Users\Basti\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Basti\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe () SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (PDNSp50a64) -- C:\Windows\SysNative\Drivers\PDNSp50a64.sys File not found DRV:64bit: - (PDNSp50) -- C:\Windows\SysNative\drivers\PDNSp50.sys File not found DRV:64bit: - (PDNMp50) -- C:\Windows\SysNative\drivers\PDNMp50.sys File not found DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys () DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys () DRV:64bit: - (WacomVKHid) -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys () DRV:64bit: - (AVMUNET) -- C:\Windows\SysNative\DRIVERS\avmunet.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.) DRV - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.) DRV - (PDNMp50) -- C:\Windows\SysWOW64\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\Windows\SysWOW64\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.25 09:17:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 09:17:02 | 000,000,000 | ---D | M] [2009.04.09 11:25:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions [2010.07.30 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions [2010.07.22 21:09:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.22 23:53:13 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2010.07.22 21:09:09 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2009.04.09 16:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\tk13t1f6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.06.11 02:08:24 | 000,000,917 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\conduit.xml [2010.07.30 14:02:58 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-1.xml [2009.07.24 15:34:17 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-2.xml [2009.08.12 06:53:02 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-3.xml [2009.09.11 11:47:56 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-4.xml [2009.10.30 09:57:34 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-5.xml [2009.12.17 18:58:24 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-6.xml [2010.01.07 21:25:08 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin-7.xml [2009.06.08 21:23:58 | 000,000,944 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\FireFox\Profiles\tk13t1f6.default\searchplugins\icqplugin.xml [2010.07.23 11:41:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.05.03 21:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll [2010.07.30 08:06:48 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.07.15 09:43:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.15 09:43:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.15 09:43:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.15 09:43:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.15 09:43:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL () O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL () O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE File not found O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Basti\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell - "" = AutoRun O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell - "" = AutoRun O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell - "" = AutoRun O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.30 08:08:10 | 000,000,000 | ---D | C] -- C:\Users\Basti\Neuer Ordner [2010.07.30 08:06:55 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\GamersFirst LIVE! [2010.07.30 08:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst [2010.07.29 20:38:24 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Avira [2010.07.29 20:35:43 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.07.29 20:35:43 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.07.29 20:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.07.29 20:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.07.23 00:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.07.23 00:27:12 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Malwarebytes [2010.07.23 00:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.07.23 00:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.23 00:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.07.22 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\vfcktbbfq [2010.07.22 23:37:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9 [2010.07.12 11:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2010.07.02 15:37:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2010.07.02 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod [2010.07.02 15:36:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.07.02 15:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010.07.02 15:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.07.02 15:29:26 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour ========== Files - Modified Within 30 Days ========== [2010.07.31 19:28:18 | 002,359,296 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT [2010.07.31 18:43:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.31 18:43:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.31 13:36:01 | 000,189,952 | ---- | M] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.31 08:43:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.31 08:43:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.31 00:48:18 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010.07.31 00:48:18 | 000,065,536 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010.07.31 00:48:05 | 002,657,405 | -H-- | M] () -- C:\Users\Basti\AppData\Local\IconCache.db [2010.07.30 20:24:19 | 000,000,997 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2010.07.30 20:24:19 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk [2010.07.30 20:00:17 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Sword of the New World.lnk [2010.07.29 20:35:49 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.07.28 13:18:06 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.28 13:18:06 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.28 13:18:06 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.28 13:18:06 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.28 13:18:06 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.21 08:32:55 | 000,007,426 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\wklnhst.dat [2010.07.14 19:27:41 | 000,000,680 | ---- | M] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat [2010.07.02 15:37:23 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.02 15:35:16 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.07.02 15:13:55 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk ========== Files Created - No Company Name ========== [2010.07.30 20:00:17 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the New World.lnk [2010.07.30 08:06:44 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2010.07.30 08:06:44 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk [2010.07.29 20:35:49 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.07.29 20:35:43 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys [2010.07.29 20:35:43 | 000,081,072 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.07.23 11:34:00 | 000,422,904 | ---- | C] () -- C:\Users\Basti\AppData\Local\dd_vcredistMSI3F6C.txt [2010.07.23 11:34:00 | 000,011,710 | ---- | C] () -- C:\Users\Basti\AppData\Local\dd_vcredistUI3F6C.txt [2010.07.23 00:27:02 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2010.07.12 11:47:17 | 000,008,704 | ---- | C] () -- C:\Windows\SysNative\E_GCINST.DLL [2010.07.12 11:47:14 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\E_ILMBNE.DLL [2010.07.12 11:47:14 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\E_IBCBBNE.DLL [2010.07.02 15:37:23 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.02 15:37:19 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll [2010.07.02 15:37:19 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2010.07.02 15:35:16 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.07.02 15:13:55 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2009.08.07 15:53:46 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini [2009.05.05 18:24:59 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\viscomqtde.dll [2009.05.05 18:24:59 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2009.04.08 23:29:06 | 000,042,982 | ---- | C] () -- C:\Windows\SysWow64\pddsladp.dll [2009.04.08 23:28:57 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini [2009.02.13 10:36:52 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2009.02.13 10:36:52 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.03.18 15:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll ========== LOP Check ========== [2010.07.22 23:38:41 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9 [2010.07.31 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\BitTorrent [2009.08.07 16:14:06 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Disney Interactive Studios [2010.07.31 19:24:24 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DNA [2009.04.10 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GetRightToGo [2009.05.03 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ [2009.04.10 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\IrfanView [2009.10.24 17:23:58 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\NeopleLauncherDFO [2009.04.16 16:57:45 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Publish Providers [2009.12.09 21:06:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ringtone Expressions [2010.06.29 16:00:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Softland [2009.08.24 13:28:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Sony [2009.08.01 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Sony Setup [2009.04.10 19:04:09 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Template [2009.04.08 21:30:36 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WildTangent [2009.07.20 21:49:31 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WinBatch [2009.07.25 06:31:17 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2010.07.31 00:48:12 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.07.2010 19:28:40 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Basti\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 45,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,99 Gb Total Space | 500,61 Gb Free Space | 54,59% Space Free | Partition Type: NTFS
Drive D: | 14,52 Gb Total Space | 1,99 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BASTI-PC
Current User Name: Basti
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2AE92A-069C-4993-9C95-C6CF80F7044D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{31B74AC2-7356-4F4C-8F36-5F781E5CAA80}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C50492E-50EA-4539-97A5-88D235E11DA8}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{0F45ABD0-2DD2-4CBC-B0D3-16B7809F5EB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{20B94F37-AA02-4C2A-BED0-45E74D969802}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2791F98C-913E-4F53-92A8-63F21593D85D}" = protocol=17 | dir=in | app=c:\program files (x86)\neuer ordner\adobe bridge cs3\bridge.exe |
"{2CDD4297-B909-429D-808E-9E087E298ACA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{2D467BB9-2005-4A6E-96BE-682B1EC41FED}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2F9EA09F-AB75-4D84-97AE-AD2F4D13418E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{359C3516-C501-481E-B5F3-03E9687B087C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{39A7270F-85FF-48DE-9AB9-5282B101E2FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{3C1794FD-AB55-47FB-9D04-D0D4B9D56EFD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{40A07069-FD86-49D4-984A-24CB8A63ABC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{44E0D050-55B0-4B55-8DD2-56CF2E4D1896}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4D7B987E-E9EA-4CE0-A900-88F5678704B1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{532FC741-6921-4828-BA1D-10E1B138BF7F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{61BC402B-CE5D-4C25-9A7C-0CFBEA109E22}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{653756D2-4E5C-45E1-AB16-24257FD0DE71}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\sword of the new world\ge.exe |
"{6B8D4687-7404-449D-8F6C-F74CAC98276F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6D5EADBE-5B3B-4F02-8C87-141647A486A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{76BAA1E2-E4A2-40A9-8B7C-0BFC914A5277}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{7A42197C-BA57-44BC-85D2-BA441D4C860F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{889FA592-FC90-4E4E-8C4C-490BCE82A123}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{8B5D4B91-BF56-421C-A83B-4FCA6213F482}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{96F7AE4E-9EEE-463F-928B-D256727AF934}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{99CE458D-7335-404E-8596-7DA9DFC1C448}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\sword of the new world\ge.exe |
"{9C01EB90-7475-48F6-AD83-5F551732DE55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5A2B8E6-8ED8-42FE-952B-087AF63018E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{B35564DC-FF9C-4941-AD00-E8A8984D2CAB}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{B6673633-C3EF-4A3B-A997-B51223992ECC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B71FFE92-37CA-4C88-8721-DD76E2E8914F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{C24D4E30-1A52-486A-B55D-153EB0867CDB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C7B263B8-DFC7-4C1F-8CCB-CB48330C42F7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{D0A614A1-5620-410A-8BC4-738F08B8F15D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D65124CB-2482-46B9-88C3-17A17B5D436A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{DAE15229-29F9-48E6-B2ED-97039931BD75}" = protocol=6 | dir=in | app=c:\program files (x86)\neuer ordner\adobe bridge cs3\bridge.exe |
"{E204CD6F-212A-4024-9359-3B898EA34D87}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{FDD96438-7516-4EBC-B548-444325DCFB8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{1A194CC2-1ECE-44B8-A09F-99C79339700F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{2D37E5E5-557C-4BDA-9288-2F8A7B389A97}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{38D54E7D-2589-463F-B07F-0A03C8949BC8}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{48EC75DE-5FBD-47BC-B139-8E09D3CCB083}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{7B718EC5-6EFC-46F5-B4C6-71F36708765A}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"TCP Query User{938CA73B-9765-44E6-9A38-25B01E6BE590}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe |
"TCP Query User{AD21A6AD-ACF4-44BD-91AB-9C20B2883C93}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B8789022-C78D-4F20-AD2C-9D2560C9662C}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe |
"TCP Query User{CA0B6573-4B4D-42D9-ABFB-3A8DC85A870E}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{03523CC1-9E4A-4476-B21A-34DBE4EE8987}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{248963BB-BD6B-4593-AB67-F7FCA5EFC6B8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{97367F90-92C1-431F-AB27-3E8BA19DF30F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{A8EDBA4F-79A2-44DF-A48C-E0AE0F4C5495}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe |
"UDP Query User{AB3368D6-344C-4B08-AF2B-73BE4AD42A1E}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{AB54C6A2-6950-4AFA-BE79-67FD32CC031D}C:\users\basti\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\basti\program files (x86)\dna\btdna.exe |
"UDP Query User{EEABF4A1-FB25-48E7-A647-F40019FCEC5C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F236B01C-7A5B-4E73-81F0-539E8BDFA8D4}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{FB64CA39-EC27-470D-BBEA-7BB43CDE149D}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13C0B2E2-1E27-47DF-A972-02EDA3954167}" = MobileMe Control Panel
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"doPDF 7 printer_is1" = doPDF 7.1 printer
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEC97C4-ACCF-4759-A524-8E15C478E43B}" = Media Go
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Alice" = Alice-Installationsdateien entfernen
"AllToAVI" = AllToAVI v4 r5394
"AOL Toolbar" = AOL Toolbar 5.0
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = FRITZ!Box
"Bejeweled Twist" = Bejeweled Twist
"CCleaner" = CCleaner
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst Sword of the New World" = Sword of the New World
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Mahjong Escape – Ancient China" = Mahjong Escape – Ancient China
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"My~PortCoimbra" = My~PortCoimbra 1.1[3.4b]
"Mystery P.I. – The Vegas Heist" = Mystery P.I. – The Vegas Heist
"osu!" = osu!
"Peggle Deluxe" = Peggle Deluxe
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"PokerStars" = PokerStars
"Rainlendar2" = Rainlendar2 (remove only)
"Ringtone Expressions" = Ringtone Expressions 1.5.0
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Spannende Abenteuer Die verschollene Grabkammer" = Spannende Abenteuer Die verschollene Grabkammer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 0.9.9
"Wacom Tablet Driver" = Wacom Tablett
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 15.06.2010 11:39:23 | Computer Name = Basti-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
[ System Events ]
Error - 30.07.2010 12:49:18 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
Error - 30.07.2010 12:53:30 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 31.07.2010 02:43:10 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description =
Error - 31.07.2010 02:45:16 | Computer Name = Basti-PC | Source = DCOM | ID = 10005
Description =
Error - 31.07.2010 02:45:16 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 31.07.2010 02:45:16 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.07.2010 02:45:46 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 31.07.2010 02:45:47 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.07.2010 02:46:19 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 31.07.2010 02:46:19 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
LG |
|
31.07.2010, 19:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | HiJackThis-Logfile - PC-Überprüfung Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell - "" = AutoRun
O33 - MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
[2010.07.22 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\vfcktbbfq
[2010.07.22 23:37:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ |
|
31.07.2010, 21:39
| #3 |
| | HiJackThis-Logfile - PC-Überprüfung Danke für die Antwort!
__________________Hier das gewünschte Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22aba375-246a-11de-95ce-00248c07bd6c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22aba375-246a-11de-95ce-00248c07bd6c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22aba375-246a-11de-95ce-00248c07bd6c}\ not found.
File J:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{325d0e43-2982-11de-94ef-00248c07bd6c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{325d0e43-2982-11de-94ef-00248c07bd6c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{325d0e43-2982-11de-94ef-00248c07bd6c}\ not found.
File J:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f4fbe2c-b2fc-11de-896b-00150cc77426}\ not found.
File J:\LaunchU3.exe not found.
C:\Users\Basti\AppData\Local\vfcktbbfq folder moved successfully.
C:\Users\Basti\AppData\Roaming\36DDD303885909842123211D13BDABE9 folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Basti
->Temp folder emptied: 149433459 bytes
->Temporary Internet Files folder emptied: 97392056 bytes
->Java cache emptied: 64097277 bytes
->FireFox cache emptied: 98839889 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 76094 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19413121 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3016268121 bytes
Total Files Cleaned = 3.286,00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 07312010_222344
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZV1D0E8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXDGW2ZH\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3N71IEE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TZ6H1KG\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
LG |
|
01.08.2010, 19:14
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HiJackThis-Logfile - PC-Überprüfung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.08.2010, 21:06
| #5 |
| | HiJackThis-Logfile - PC-Überprüfung So, hier die Logs. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4381
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
02.08.2010 18:17:57
mbam-log-2010-08-02 (18-17-57).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 414932
Laufzeit: 1 Stunde(n), 39 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/02/2010 at 09:30 PM
Application Version : 4.41.1000
Core Rules Database Version : 5302
Trace Rules Database Version: 3114
Scan type : Complete Scan
Total Scan Time : 02:59:57
Memory items scanned : 601
Memory threats detected : 0
Registry items scanned : 12936
Registry threats detected : 0
File items scanned : 306674
File threats detected : 31
Adware.Tracking Cookie
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@apmebf[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@bs.serving-sys[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@serving-sys[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@doubleclick[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@questionmarket[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@advertising[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ad.71i[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@adfarm1.adition[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@www.windowsmedia[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@weborama[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@cgm.adbureau[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@atwola[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@tradedoubler[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@content.yieldmanager[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@content.yieldmanager[3].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@www.mediasoftwareapps[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ads.nexon[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@mediaplex[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@at.atwola[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ar.atwola[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@adtech[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@ad.yieldmanager[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@atdmt[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@fastclick[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@2o7[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@xfire.adbureau[2].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@msnportal.112.2o7[1].txt
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Cookies\basti@tacoda[2].txt
core.insightexpressai.com [ C:\Users\Basti\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PNYVXNZP ]
Trojan.Agent/CDesc[Generic]
C:\PROGRAM FILES (X86)\SONY\PLAYSTATION STORE\NPAAC_WIN.DLL
C:\PROGRAM FILES (X86)\SONY\PLAYSTATION STORE\NPCOMMERCE2LIB.DLL
|
|
05.08.2010, 11:50
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HiJackThis-Logfile - PC-Überprüfung Sieht ok aus. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ --> HiJackThis-Logfile - PC-Überprüfung |
|
06.08.2010, 07:36
| #7 | |
| | HiJackThis-Logfile - PC-ÜberprüfungZitat:
 LG |
|
06.08.2010, 10:04
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HiJackThis-Logfile - PC-Überprüfung Gut, dann bitte die Updates prüfen, hier mein Leitfaden dazu: Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu HiJackThis-Logfile - PC-Überprüfung |
| adware.bho, antivir guard, ask toolbar, ask.com, askbar, audacity, avg, avgntflt.sys, avira, bonjour, components, defender, desktop, error, firefox, flash player, format, google, hijack, hijackthis, home premium, iastor.sys, install.exe, intranet, launch, local\temp, location, media center, monitor, mozilla, oldtimer, otl logfile, otl.exe, pando media booster, plug-in, programdata, realtek, registry, rogue.antimalwaredoctor, rundll, saver, searchplugins, security, service pack 1, shell32.dll, skype.exe, software, start menu, svchost.exe, system, syswow64, teamspeak, torrent.exe, trojan.agent.ge, udp, usbaapl64, vista, vlc media player |
Linear-Darstellung
