Everything about Windows: Run dialog cannot be opened (Win7 x64)
Windows 7: Help for all Windows operating systems (Windows XP, Windows Vista, Windows 7, Windows 8(.1) and Windows 10 / Windows 11) as well as for all Windows software. Everything about Windows 10 is also welcome. Please name any errors or bluescreens under Windows with the wording of the error message and the error code. First steps for help with Windows.
14.12.2010, 20:21 | #1
Banned | Problem: Run dialog cannot be opened (Win7 x64)
Hi, when I click Run / press Windows+e, the following message appears: Quote:
Hijackthis Log: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:07:43, on 14.12.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: D:\Program Files (x86)\WhatPulse\WhatPulse.exe C:\Windows\SysWOW64\cmd.exe D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe D:\Programme\Mozilla Firefox 4.0 Beta 1\firefox.exe D:\Program Files (x86)\TuneUp Utilities 2011\Integrator.exe C:\Users\Messna\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=; R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: The IP address should O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files 
(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [AVP] "D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe" O4 - HKCU\..\Run: [WhatPulse] D:\Program Files (x86)\WhatPulse\WhatPulse.exe O4 - HKCU\..\Run: [Windows Update] \Server.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Startup: Logitech . 
Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in 
Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~3\AVP9\mzvkbd3.dll,C:\PROGRA~3\AVP9\sbhook.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Security Suite CBE 10 (AVP) - Kaspersky Lab - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) 
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9633 bytes
Many thanks
15.12.2010, 14:29 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run dialog cannot be opened (Win7 x64) Instructions / Help
Hello,
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those too! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
15.12.2010, 15:36 | #3 |
Banned | Run dialog cannot be opened (Win7 x64) Details
Via Task Manager I can run CMD or similar just fine, but it doesn't work with the Windows+R key combination.
O4 - HKCU\..\Run: [Windows Update] \Server.exe
Shouldn't I fix this entry? ^^ It sounds so suspicious, but for now I have only removed it from autostart. Edit: Sorry, I hadn't read cosinus's post, log follows
15.12.2010, 18:02 | #4
Banned | Solution: Run dialog cannot be opened (Win7 x64)
Malwarebytes: Quote:
Code:
ATTFilter OTL Extras logfile created on: 15.12.2010 17:30:23 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.024,00 Mb Total Physical Memory | 119,00 Mb Available Physical Memory | 12,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 29,29 Gb Total Space | 0,63 Gb Free Space | 2,15% Space Free | Partition Type: NTFS Drive D: | 157,01 Gb Total Space | 15,09 Gb Free Space | 9,61% Space Free | Partition Type: NTFS Drive M: | 962,20 Mb Total Space | 21,61 Mb Free Space | 2,25% Space Free | Partition Type: FAT Drive S: | 186,31 Gb Total Space | 5,87 Gb Free Space | 3,15% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox 4.0 Beta 1\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "d:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "d:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "d:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "d:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "d:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "d:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiSpyWareDisableNotify" = 1 "AntiVirusDisableNotify" = 1 "AntiVirusOverride" = 1 "FirstRunDisabled" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "AutoUpdateDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "UacDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 1 "FirewallOverride" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UacDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirstRunDisabled" = 0 "UacDisableNotify" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC) "d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows 
Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{26CFBB12-69A5-4EA1-A904-3382A37B0681}" = Nitro PDF Professional "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support "{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Professional "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.89 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.89 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CCleaner" = CCleaner "ComicRack" = ComicRack v0.9.129 "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.1.0 "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1 "NVIDIA Drivers" = NVIDIA Drivers "SP6" = Logitech SetPoint 6.20 "Unlocker" = Unlocker 1.9.0-x64 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A3696A0-31B9-4D2F-A5B6-FF6DD56BDE9D}_is1" = MyMenu 1.3 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" 
= Java(TM) 6 Update 22 "{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Tweak Me! Version 1.1.0.7 "{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{42996E6D-2079-42E4-82C6-8EF063BAA50E}" = iLoad "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office 
Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0 "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6AE4D46-A845-45CF-A6B2-D5D62780EA69}_is1" = Piratenleben Sprachausgabe 1.0 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy 
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.00 "AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Cross Fire_is1" = Cross Fire En "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "DivX Setup.divx.com" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "FirstloadIkarus" = Firstload Ikarus "Foxit Reader" = Foxit Reader "Gothic II" = Gothic II "Gothic 
II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben "HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0 "HyperCam 3" = HyperCam 3 "ImgBurn" = ImgBurn "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10 "KC Softwares SUMo_is1" = KC Softwares SUMo "KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.1.4 "Mozilla Firefox 4.0b7 (x86 de)" = Mozilla Firefox 4.0b7 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Opera 11.00.1029" = Opera 11.00 alpha build 1029 "Orbit_is1" = Orbit Downloader "PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0 "PunkBusterSvc" = PunkBuster Services "QuickPar" = QuickPar 0.9 "Steam App 240" = Counter-Strike: Source "Steam App 630" = Alien Swarm "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "TrueCrypt" = TrueCrypt "TuneUp Utilities 2011" = TuneUp Utilities 2011 "uTorrent" = µTorrent "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.5 "WBFS Manager 3.0" = WBFS Manager 3.0 "WhatPulse" = WhatPulse 1.7 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Worms Reloaded_is1" = Worms Reloaded ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT) "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.12.2010 07:51:22 | Computer Name = ***-PC | Source = VSS | ID = 12292 Description = Error - 11.12.2010 07:51:22 | Computer Name = ***-PC | Source = VSS | ID = 13 Description = Error - 11.12.2010 07:51:22 | Computer Name = ***-PC | Source = VSS | ID = 12292 Description = Error - 11.12.2010 07:52:09 
| Computer Name = ***-PC | Source = VSS | ID = 13 Description = Error - 11.12.2010 07:52:09 | Computer Name = ***-PC | Source = VSS | ID = 12292 Description = Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 13 Description = Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 12292 Description = Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 13 Description = Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 12292 Description = Error - 11.12.2010 17:01:31 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WiiBaFu.exe, Version: 0.0.0.0, Zeitstempel: 0x4ceed7e9 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.1.0, Zeitstempel: 0x4cd4ce16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0010590f ID des fehlerhaften Prozesses: 0x17c0 Startzeit der fehlerhaften Anwendung: 0x01cb99766906bf58 Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\Wii Backup Fusion 0.8.5\WiiBaFu.exe Pfad des fehlerhaften Moduls: C:\Users\***\Desktop\Wii Backup Fusion 0.8.5\QtCore4.dll Berichtskennung: d3b50545-0569-11e0-be28-000feaec1e69 [ System Events ] Error - 14.12.2010 10:24:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst OODefragAgent erreicht. Error - 14.12.2010 10:24:31 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 14.12.2010 10:24:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst OODefragAgent erreicht. Error - 14.12.2010 16:39:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst OODefragAgent erreicht. 
Error - 15.12.2010 09:18:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 15.12.2010 09:18:50 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 15.12.2010 09:19:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst OODefragAgent erreicht.

Error - 15.12.2010 09:19:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst OODefragAgent erreicht.

Error - 15.12.2010 11:34:02 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\***\Desktop\MHS6.1\IUKJT nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 15.12.2010 11:34:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "JmfuZoyXBfg" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 15.12.2010 17:30:20 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1.024,00 Mb Total Physical Memory | 119,00 Mb Available Physical Memory | 12,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,29 Gb Total Space | 0,63 Gb Free Space | 2,15% Space Free | Partition Type: NTFS
Drive D: | 157,01 Gb Total Space | 15,09 Gb Free Space | 9,61% Space Free | Partition Type: NTFS
Drive M: | 962,20 Mb Total Space | 21,61 Mb Free Space | 2,25% Space Free | Partition Type: FAT
Drive S: | 186,31 Gb Total Space | 5,87 Gb Free Space | 3,15% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Mozilla Firefox 4.0 Beta 1\plugin-container.exe (Mozilla Corporation)
PRC - D:\Programme\Mozilla Firefox 4.0 Beta 1\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files (x86)\SUPER\SUPER.exe (eRightSoft)
PRC - D:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:64bit: - (KMService) -- C:\Windows\SysNative\srvany.exe File not found
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( )
SRV:64bit: - (lxduCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (OODefragAgent) -- D:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (AVP) -- D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (lxdu_device) -- C:\Windows\SysWow64\lxducoms.exe ( ) SRV - (ABBYY.Licensing.FineReader.Professional.10.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) 
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\RTKVAC64.SYS (Realtek Semiconductor Corp.) 
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex) DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation) DRV - (TuneUpUtilitiesDrv) -- D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 7D D3 2F 27 3B CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2600793&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/ig" FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7 FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.5.6 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - 
prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: support@auto-hide-ip.com:1.0 FF - prefs.js..extensions.enabledItems: {536ea192-4331-47ea-8ac1-c334a845c9ee}:2.7.1.3 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "190.144.93.154" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "190.144.93.154" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "67.23.5.193" FF - prefs.js..network.proxy.http_port: 443 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.ssl: "190.144.93.154" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js..network.proxy.http: "67.23.5.193" FF - user.js..network.proxy.http_port: 443 FF - user.js..network.proxy.type: 0);user_pref("network.proxy.socks", "" FF - user.js..network.proxy.socks_port: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: D:\Programme\Mozilla Firefox 4.0 Beta 1\components [2010.11.17 19:17:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: D:\Programme\Mozilla Firefox 4.0 Beta 1\plugins [2010.12.10 10:38:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: D:\Program Files (x86)\Kaspersky Security Suite CBE 10\THBExt [2010.08.26 19:08:12 | 000,000,000 | ---D | M] [2010.08.13 21:46:13 
| 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2010.12.10 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3q00ksrp.Profile-Old\extensions [2010.10.30 12:56:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3q00ksrp.Profile-Old\extensions\compatibility@addons.mozilla.org [2010.11.03 17:31:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3q00ksrp.Profile-Old\extensions\elemhidehelper@adblockplus.org [2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions [2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions\compatibility@addons.mozilla.org [2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions\elemhidehelper@adblockplus.org [2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions\firegestures@xuldev.org O1 HOSTS File: ([2010.11.23 20:32:39 | 000,001,289 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: The IP address should O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Programme\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4 - HKLM..\Run: [AVP] D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [WhatPulse] D:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoFolderInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - 
D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~3\AVP9\mzvkbd3.dll) - C:\ProgramData\AVP9\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~3\AVP9\sbhook.dll) - C:\ProgramData\AVP9\sbhook.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.12 17:43:56 | 000,000,000 | ---- | M] () - S:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell - "" = AutoRun O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.15 17:27:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.12.15 17:21:42 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll [2010.12.15 17:21:42 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2010.12.15 17:21:41 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2010.12.15 17:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2010.12.15 17:17:32 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2010.12.15 17:17:32 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2010.12.15 17:17:32 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2010.12.15 17:17:31 | 000,278,528 | ---- | C] (Real Networks, Inc) 
-- C:\Windows\SysWow64\pncrt.dll [2010.12.15 17:17:31 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2010.12.15 17:17:31 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2010.12.15 17:17:31 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2010.12.15 17:17:31 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax [2010.12.15 17:17:31 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2010.12.15 17:17:31 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2010.12.15 17:17:31 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2010.12.15 17:17:31 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2010.12.15 17:17:31 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2010.12.15 17:15:28 | 029,508,222 | ---- | C] (eRightSoft ) -- C:\Users\***\Desktop\SUPERsetup42.exe [2010.12.15 17:13:30 | 000,000,000 | ---D | C] -- C:\AV_LOGS [2010.12.15 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.12.15 15:39:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.15 15:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.15 15:38:58 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.14 20:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.12.14 20:23:50 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\***\Desktop\spybotsd162.exe [2010.12.14 20:04:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backups [2010.12.14 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.bsnes [2010.12.11 21:59:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wii Backup Fusion 0.8.5 [2010.12.11 14:14:02 | 000,000,000 | ---D | C] -- 
C:\Windows\SysNative\oodag [2010.12.11 13:05:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Firstload Ikarus [2010.12.11 13:04:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Verimount [2010.12.11 12:50:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\O&O [2010.12.11 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2010.12.11 12:38:53 | 000,000,000 | ---D | C] -- C:\downloads [2010.12.10 15:58:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\QuickPar [2010.12.10 12:19:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PJ64 1.7.50 [2010.12.10 12:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2010.12.10 12:04:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Logishrd [2010.12.10 11:04:51 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm [2010.12.10 11:04:50 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm [2010.12.10 11:04:50 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2010.12.10 00:21:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\National Instruments [2010.12.05 17:36:48 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.12.05 17:36:47 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.12.05 17:36:47 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.12.05 17:36:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.12.02 20:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HI-TECH Software [2010.12.02 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments [2010.12.02 20:18:15 | 000,000,000 | ---D | C] -- C:\Programme\National Instruments [2010.12.02 20:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments [2010.12.02 18:53:34 | 
000,000,000 | ---D | C] -- C:\Users\***\.netbeans [2010.12.02 18:53:08 | 000,000,000 | ---D | C] -- C:\Users\***\.netbeans-registration [2010.12.02 18:17:37 | 000,000,000 | ---D | C] -- C:\Users\***\.nbi [2010.12.02 18:15:08 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010.12.02 18:15:08 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010.12.02 18:15:08 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010.12.02 18:15:08 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010.11.29 20:15:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KC Softwares [2010.11.27 21:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\createpart [2010.11.27 21:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher [2010.11.27 21:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher [2010.11.27 21:20:48 | 000,037,392 | ---- | C] (Paragon Software Group) -- C:\Windows\SysNative\drivers\hotcore3.sys [2010.11.25 08:47:32 | 002,250,568 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr [2010.11.25 08:46:10 | 000,349,512 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe [2010.11.25 08:45:58 | 000,535,880 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll [2010.11.25 08:45:40 | 000,010,056 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll [2010.11.24 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\VirtualDJ [2010.11.24 16:03:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.11.22 21:11:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.11.20 23:35:13 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010.11.20 23:35:13 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010.11.20 23:35:11 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvoglv64.dll [2010.11.20 23:35:11 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.11.20 23:35:10 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll [2010.11.20 23:35:09 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll [2010.11.20 23:35:08 | 012,787,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2010.11.20 23:35:07 | 010,021,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2010.11.20 23:35:07 | 002,911,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.11.20 23:35:06 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2010.11.20 23:35:06 | 002,934,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2010.11.20 23:35:05 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2010.11.20 23:35:05 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.11.20 23:35:05 | 002,666,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.11.20 23:35:02 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.11.20 23:35:01 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2010.11.20 23:35:01 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2010.11.20 23:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.11.20 22:50:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GrabPro [2010.11.20 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment [2010.11.20 22:28:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.11.20 22:28:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2010.11.20 22:28:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.11.19 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\mIRC [2010.11.19 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Steganos [2010.11.19 23:42:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\codeblocks [2010.11.19 23:40:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Process Hacker [2010.11.19 20:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thinstall [2010.11.19 20:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thinstall [2010.11.18 16:55:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2010.11.18 16:55:33 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2010.11.18 16:55:32 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2010.09.13 13:53:58 | 001,058,624 | ---- | C] (TuneUp Software) -- C:\Users\***\AppData\Local\77292.exe [2010.09.13 13:53:45 | 001,058,624 | ---- | C] (TuneUp Software) -- C:\Users\***\AppData\Local\826333.exe [2010.08.14 16:26:20 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll [2010.08.14 16:26:20 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll [2010.08.14 16:26:20 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll [2010.08.14 16:26:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll [2010.08.14 16:26:19 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll [2010.08.14 16:26:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll [2010.08.14 16:26:19 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll [2010.08.14 16:26:18 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll [2010.08.14 16:26:17 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll [2 
C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.15 17:33:13 | 000,367,224 | ---- | M] (RegNow.com) -- C:\Users\***\Desktop\Download_iOrgSoftAMVConverter3.3.8_trial.exe [2010.12.15 17:27:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.12.15 17:17:34 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.12.15 17:17:34 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2010.12.15 17:16:12 | 029,508,222 | ---- | M] (eRightSoft ) -- C:\Users\***\Desktop\SUPERsetup42.exe [2010.12.15 15:39:05 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.15 14:49:27 | 002,015,011 | ---- | M] () -- C:\Users\***\Desktop\miranda-im-v0.9.13-x64.7z [2010.12.15 14:18:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.14 21:26:36 | 001,619,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.14 21:26:36 | 000,699,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.14 21:26:36 | 000,654,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.14 21:26:36 | 000,148,644 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.14 21:26:36 | 000,121,432 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.14 20:27:06 | 000,000,954 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2010.12.14 20:24:37 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\***\Desktop\spybotsd162.exe [2010.12.14 16:37:50 | 000,965,199 | ---- | M] () -- C:\Users\***\Desktop\vSNES291_exec.rar [2010.12.14 15:40:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.14 15:40:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.13 
21:01:41 | 000,079,147 | ---- | M] () -- C:\Users\***\Desktop\gesendeteauftraege.pdf [2010.12.11 12:49:57 | 000,002,757 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2010.12.10 22:17:43 | 004,150,938 | ---- | M] () -- C:\Users\***\Desktop\CheatEngine6Alpha17.rar [2010.12.10 20:59:22 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk [2010.12.10 15:57:56 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\QuickPar.lnk [2010.12.10 12:19:59 | 000,001,314 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2010.12.10 12:14:07 | 004,969,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.10 12:13:33 | 804,950,016 | -HS- | M] () -- C:\hiberfil.sys [2010.12.10 12:03:43 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2010.12.09 10:03:59 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.09 09:32:56 | 001,044,437 | ---- | M] () -- C:\Users\***\Desktop\megui-0_3_1_1001.exe [2010.12.09 09:28:20 | 005,424,911 | ---- | M] () -- C:\Users\***\Desktop\mkvtoolnix-unicode-4.4.0.7z [2010.12.09 09:14:44 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2010.12.09 09:14:43 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2010.12.05 17:36:44 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.12.05 13:01:26 | 000,000,825 | ---- | M] () -- C:\Users\***\Documents\M64Cheats.lssave [2010.12.02 19:05:21 | 000,043,520 | ---- | M] () -- C:\Users\***\Desktop\Werkstaettenbericht.doc [2010.12.02 18:44:36 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk [2010.12.02 18:14:06 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010.12.02 18:14:06 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysNative\javaws.exe [2010.12.02 18:14:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010.12.02 18:14:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010.11.29 21:32:22 | 000,000,799 | ---- | M] () -- C:\Users\***\Desktop\Ski Challenge 11 (AT) starten.lnk [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.11.27 21:20:10 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Professional.lnk [2010.11.25 08:47:32 | 002,250,568 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr [2010.11.25 08:46:10 | 000,349,512 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe [2010.11.25 08:45:58 | 000,535,880 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll [2010.11.25 08:45:40 | 000,010,056 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll [2010.11.24 19:00:00 | 000,136,704 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll [2010.11.24 16:55:36 | 000,000,745 | ---- | M] () -- C:\Users\***\Desktop\Virtual DJ Pro.lnk [2010.11.24 09:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.11.24 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2010.11.20 23:08:02 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk [2010.11.19 23:51:58 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll [2010.11.19 23:50:58 | 000,000,851 | ---- | M] () -- C:\Users\***\Desktop\Password Manager.lnk [2010.11.19 23:28:32 | 000,000,609 | -H-- | M] () -- C:\Users\***\AppData\Roaming\***log.dat [2010.11.19 23:24:38 | 000,062,931 | ---- | M] () -- C:\Users\***\AppData\Roaming\***3SQLite3.dll [2010.11.19 16:53:48 | 000,034,624 | ---- | M] (TuneUp Software) -- 
C:\Windows\SysNative\TURegOpt.exe [2010.11.19 16:49:14 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.11.19 16:49:12 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.11.19 16:49:08 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.11.19 16:49:04 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.15 17:21:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.12.15 17:17:34 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.12.15 17:17:34 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2010.12.15 17:17:31 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2010.12.15 17:17:31 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2010.12.15 17:17:31 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2010.12.15 17:17:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2010.12.15 17:17:31 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2010.12.15 17:17:31 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2010.12.15 17:17:31 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2010.12.15 17:17:31 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2010.12.15 15:39:05 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.15 14:49:27 | 002,015,011 | ---- | C] () -- C:\Users\***\Desktop\miranda-im-v0.9.13-x64.7z [2010.12.14 20:27:06 | 000,000,954 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2010.12.14 16:37:48 | 000,965,199 | ---- | C] () -- C:\Users\***\Desktop\vSNES291_exec.rar [2010.12.13 21:01:31 | 000,079,147 | ---- | C] () -- 
C:\Users\***\Desktop\gesendeteauftraege.pdf [2010.12.11 12:49:57 | 000,002,757 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2010.12.10 22:14:48 | 004,150,938 | ---- | C] () -- C:\Users\***\Desktop\CheatEngine6Alpha17.rar [2010.12.10 22:02:03 | 000,191,488 | ---- | C] () -- C:\Windows\SysNative\unrar.dll [2010.12.10 22:02:02 | 000,136,704 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll [2010.12.10 20:59:22 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk [2010.12.10 15:57:56 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\QuickPar.lnk [2010.12.10 12:05:06 | 000,001,314 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2010.12.10 11:04:51 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml [2010.12.10 11:04:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.12.10 11:04:50 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.12.10 11:04:50 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.12.10 11:04:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.12.09 10:03:58 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.09 09:32:55 | 001,044,437 | ---- | C] () -- C:\Users\***\Desktop\megui-0_3_1_1001.exe [2010.12.09 09:28:05 | 005,424,911 | ---- | C] () -- C:\Users\***\Desktop\mkvtoolnix-unicode-4.4.0.7z [2010.12.02 18:44:35 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk [2010.11.29 21:32:22 | 000,000,799 | ---- | C] () -- C:\Users\***\Desktop\Ski Challenge 11 (AT) starten.lnk [2010.11.27 21:20:10 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Professional.lnk [2010.11.24 16:55:36 | 000,000,745 | ---- | C] () -- C:\Users\***\Desktop\Virtual DJ Pro.lnk [2010.11.19 23:51:58 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2010.11.19 23:50:02 | 
000,000,851 | ---- | C] () -- C:\Users\***\Desktop\Password Manager.lnk [2010.11.19 23:24:38 | 000,062,931 | ---- | C] () -- C:\Users\***\AppData\Roaming\***3SQLite3.dll [2010.10.24 20:08:20 | 000,000,167 | ---- | C] () -- C:\ProgramData\nbinst.ini [2010.10.24 19:30:54 | 000,000,167 | ---- | C] () -- C:\ProgramData\nb558temp.ini [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.09.14 14:02:34 | 001,639,226 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.11 16:04:36 | 003,799,951 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll [2010.08.26 14:08:20 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.22 16:00:19 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.08.14 16:34:56 | 000,000,089 | ---- | C] () -- C:\ProgramData\lxdu.log [2010.08.14 16:28:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll [2010.08.14 16:28:06 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll [2010.08.14 16:28:05 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll [2010.08.14 16:26:21 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll [2010.08.14 16:26:21 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll [2010.08.14 14:07:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt [2010.08.14 00:08:41 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll [2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009.09.16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll [2009.07.29 10:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2005.04.08 03:16:43 | 000,000,609 | -H-- | C] () -- 
C:\Users\***\AppData\Roaming\***log.dat < End of report > Best regards |
16.12.2010, 11:16 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run dialog cannot be opened (Win7 x64) Quote:
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "190.144.93.154"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "190.144.93.154"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "67.23.5.193"
FF - prefs.js..network.proxy.http_port: 443
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "190.144.93.154"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js..network.proxy.http: "67.23.5.193"
FF - user.js..network.proxy.http_port: 443
FF - user.js..network.proxy.type: 0);user_pref("network.proxy.socks", ""
FF - user.js..network.proxy.socks_port: 0
O32 - AutoRun File - [2010.02.12 17:43:56 | 000,000,000 | ---- | M] () - S:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell - "" = AutoRun
O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
[2010.12.15 17:21:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
16.12.2010, 15:34 | #6 |
Banned | Run dialog cannot be opened (Win7 x64) Everything seems to work again, thank you very much. About Firefox: I like to use the latest versions as long as they don't crash or have an extreme number of bugs. Especially for programs that I use every day. OTL log: Code:
ATTFilter All processes killed Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ftp: ""> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ftp_port: 0> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.backup.gopher: ""> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.backup.gopher_port: 0> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.backup.socks: ""> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.backup.socks_port: 0> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ssl: ""> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ssl_port: 0> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.ftp: "190.144.93.154"> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.ftp_port: 8080> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.gopher: "190.144.93.154"> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.gopher_port: 8080> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.http: "67.23.5.193"> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.http_port: 443> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.share_proxy_settings: true> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.ssl: "190.144.93.154"> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.ssl_port: 8080> in the current context! Error: Unable to interpret <FF - prefs.js..network.proxy.type: 0> in the current context! Error: Unable to interpret <FF - user.js..network.proxy.http: "67.23.5.193"> in the current context! 
Error: Unable to interpret <FF - user.js..network.proxy.http_port: 443> in the current context! Error: Unable to interpret <FF - user.js..network.proxy.type: 0);user_pref("network.proxy.socks", ""> in the current context! Error: Unable to interpret <FF - user.js..network.proxy.socks_port: 0> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2010.02.12 17:43:56 | 000,000,000 | ---- | M] () - S:\AUTOEXEC.BAT -- [ NTFS ]> in the current context! Error: Unable to interpret <O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found> in the current context! Error: Unable to interpret <[2010.12.15 17:21:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll> in the current context! ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 9105535 bytes ->Temporary Internet Files folder emptied: 91294704 bytes ->Java cache emptied: 10938366 bytes ->FireFox cache emptied: 185263983 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 80912 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1619120 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66156 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 250213719 bytes Total Files Cleaned = 523,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12162010_152246 Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
16.12.2010, 16:56 | #7 |
Banned | Run dialog cannot be opened (Win7 x64) Lol, right-click doesn't work on the desktop. I've already tried everything; it doesn't even work with the keyboard mouse. |
16.12.2010, 20:22 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run dialog cannot be opened (Win7 x64) Quote:
A beta is expressly meant for testing; it still contains many bugs and is probably unstable! Besides, you did not copy the ":OTL" (first line!) in the script, despite my clear instruction!!
__________________ Please always post log files in CODE tags |
17.12.2010, 19:07 | #9 |
Banned | Run dialog cannot be opened (Win7 x64) I actually haven't been able to find a real bug in Firefox yet. The only thing that annoys me is that some add-ons don't work^^. Here is the OTL log again: Code:
ATTFilter All processes killed ========== OTL ========== Prefs.js: "" removed from network.proxy.backup.ftp Prefs.js: 0 removed from network.proxy.backup.ftp_port Prefs.js: "" removed from network.proxy.backup.gopher Prefs.js: 0 removed from network.proxy.backup.gopher_port Prefs.js: "" removed from network.proxy.backup.socks Prefs.js: 0 removed from network.proxy.backup.socks_port Prefs.js: "" removed from network.proxy.backup.ssl Prefs.js: 0 removed from network.proxy.backup.ssl_port Prefs.js: "190.144.93.154" removed from network.proxy.ftp Prefs.js: 8080 removed from network.proxy.ftp_port Prefs.js: "190.144.93.154" removed from network.proxy.gopher Prefs.js: 8080 removed from network.proxy.gopher_port Prefs.js: "67.23.5.193" removed from network.proxy.http Prefs.js: 443 removed from network.proxy.http_port Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: "190.144.93.154" removed from network.proxy.ssl Prefs.js: 8080 removed from network.proxy.ssl_port Prefs.js: 0 removed from network.proxy.type C:\Users\Messna\AppData\Roaming\Mozilla\FireFox\Profiles\d5o2pxs4.default\user.js moved successfully. S:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e080956d-a7cc-11df-9e92-000feaec1e69}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e080956d-a7cc-11df-9e92-000feaec1e69}\ not found. File L:\autorun.exe not found. C:\Windows\SysWOW64\AVSredirect.dll moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Messna ->Temp folder emptied: 839961 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 165693768 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 1331 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 19810768 bytes Total Files Cleaned = 178,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12162010_211514 Files\Folders moved on Reboot... C:\Users\Messna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
19.12.2010, 15:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run dialog cannot be opened (Win7 x64) [solved] Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it!
__________________ Please always post log files in CODE tags |
19.12.2010, 22:23 | #11 |
Banned | Run dialog cannot be opened (Win7 x64) [solved] Code:
ATTFilter ComboFix 10-12-18.02 - *** 19.12.2010 21:57:59.1.1 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.1024.561 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe AV: Kaspersky Security Suite CBE 10 *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Security Suite CBE 10 *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Security Suite CBE 10 *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\***\AppData\Local\77292.exe c:\users\***\AppData\Local\826333.exe c:\users\***\AppData\Roaming\EurekaLog . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_RelevantKnowledge ((((((((((((((((((((((( Dateien erstellt von 2010-11-19 bis 2010-12-19 )))))))))))))))))))))))))))))) . 2010-12-19 21:07 . 2010-12-19 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-19 18:16 . 2010-05-12 08:42 631616 ----a-w- C:\MSVCP100D.dll 2010-12-19 18:14 . 2010-05-12 08:42 631616 ----a-w- c:\windows\system32\MSVCP100D.dll 2010-12-17 21:28 . 2010-01-06 12:13 506368 ----a-w- c:\windows\SysWow64\sqlite3.dll 2010-12-16 15:53 . 1998-10-09 12:02 75776 ----a-w- c:\windows\SysWow64\DWSPY36.dll 2010-12-16 15:53 . 1998-09-01 00:09 140800 ----a-w- c:\windows\SysWow64\DWSHK36.OCX 2010-12-16 14:22 . 2010-12-16 14:22 -------- d-----w- C:\_OTL 2010-12-15 20:42 . 2010-12-18 12:06 -------- d-----w- c:\users\***\AppData\Roaming\IDM 2010-12-15 20:42 . 2010-12-19 21:13 -------- d-----w- c:\users\***\AppData\Roaming\DMCache 2010-12-15 17:12 . 2010-12-15 17:12 -------- d-----w- c:\users\***\AppData\Roaming\Apowersoft 2010-12-15 16:33 . 
2010-12-15 16:33 -------- d-----w- c:\users\***\AppData\Roaming\GetRightToGo 2010-12-15 16:21 . 2009-09-27 08:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll 2010-12-15 16:21 . 2004-02-22 09:11 719872 ----a-w- c:\windows\SysWow64\devil.dll 2010-12-15 16:21 . 2004-01-24 23:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll 2010-12-15 16:21 . 2010-12-15 16:21 -------- d-----w- c:\program files (x86)\AviSynth 2.5 2010-12-15 16:13 . 2010-12-15 16:13 -------- d-----w- C:\AV_LOGS 2010-12-15 14:39 . 2010-12-15 14:39 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-12-15 14:39 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-15 14:39 . 2010-12-15 14:39 -------- d-----w- c:\programdata\Malwarebytes 2010-12-15 14:38 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-14 19:26 . 2010-12-19 20:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-12-14 15:33 . 2010-12-14 15:33 -------- d-----w- c:\users\***\AppData\Roaming\.bsnes 2010-12-11 13:14 . 2010-12-11 14:14 -------- d-----w- c:\windows\system32\oodag 2010-12-11 12:04 . 2010-12-11 12:04 -------- d-----w- c:\users\***\AppData\Roaming\Verimount 2010-12-11 11:50 . 2010-12-11 11:50 -------- d-----w- c:\users\***\AppData\Local\O&O 2010-12-11 11:48 . 2010-12-11 11:48 -------- d-----w- c:\users\***\AppData\Local\Downloaded Installations 2010-12-11 11:38 . 2010-12-11 11:38 -------- d-----w- C:\downloads 2010-12-10 21:02 . 2010-03-15 10:31 191488 ----a-w- c:\windows\system32\unrar.dll 2010-12-10 21:02 . 2010-11-24 18:00 136704 ----a-w- c:\windows\system32\ff_vfw.dll 2010-12-10 14:58 . 2010-12-10 15:06 -------- d-----w- c:\users\***\AppData\Local\QuickPar 2010-12-10 11:19 . 2010-12-10 11:19 53248 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2010-12-10 11:05 . 2010-12-10 11:05 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd 2010-12-10 11:04 . 
2010-12-10 11:04 -------- d-----w- c:\users\***\AppData\Local\Logishrd 2010-12-10 10:04 . 2008-09-24 19:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm 2010-12-10 10:04 . 2010-11-24 08:00 108032 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2010-12-10 10:04 . 2010-06-08 17:10 790528 ----a-w- c:\windows\SysWow64\xvidcore.dll 2010-12-10 10:04 . 2010-06-08 17:10 134144 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2010-12-10 10:04 . 2010-01-17 16:18 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2010-12-10 10:04 . 2004-01-24 23:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll 2010-12-09 23:21 . 2010-12-09 23:21 -------- d-----w- c:\users\***\AppData\Roaming\National Instruments 2010-12-09 08:02 . 2010-12-09 05:40 139840 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2010-12-05 16:36 . 2010-11-19 15:49 36160 ----a-w- c:\windows\system32\uxtuneup.dll 2010-12-05 16:36 . 2010-11-19 15:49 25920 ----a-w- c:\windows\system32\authuitu.dll 2010-12-05 16:36 . 2010-11-19 15:49 21312 ----a-w- c:\windows\SysWow64\authuitu.dll 2010-12-05 16:36 . 2010-11-19 15:49 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2010-12-02 19:23 . 2010-12-02 19:23 -------- d-----w- c:\program files (x86)\HI-TECH Software 2010-12-02 19:21 . 2000-01-28 17:17 557328 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll 2010-12-02 19:18 . 2010-12-02 19:18 -------- d-----w- c:\program files\National Instruments 2010-12-02 19:14 . 2010-12-10 09:38 -------- d-----w- c:\programdata\National Instruments 2010-12-02 17:53 . 2010-12-02 19:14 -------- d-----w- c:\users\***\.netbeans 2010-12-02 17:53 . 2010-12-02 17:53 -------- d-----w- c:\users\***\.netbeans-registration 2010-12-02 17:17 . 2010-12-02 17:58 -------- d-----w- c:\users\***\.nbi 2010-12-02 17:15 . 2010-12-02 17:14 521448 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-29 19:15 . 2010-11-29 19:15 -------- d-----w- c:\users\***\AppData\Roaming\KC Softwares 2010-11-27 20:55 . 
2010-11-27 20:55 -------- d-----w- c:\programdata\createpart 2010-11-27 20:54 . 2010-11-27 20:54 -------- d-----w- c:\programdata\explauncher 2010-11-27 20:54 . 2010-11-27 20:54 -------- d-----w- c:\programdata\launcher 2010-11-27 20:20 . 2010-05-20 14:26 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys 2010-11-25 07:47 . 2010-11-25 07:47 2250568 ----a-w- c:\windows\system32\ooscrsav.scr 2010-11-25 07:46 . 2010-11-25 07:46 349512 ----a-w- c:\windows\system32\oodbs.exe 2010-11-25 07:45 . 2010-11-25 07:45 535880 ----a-w- c:\windows\system32\oodssrs.dll 2010-11-25 07:45 . 2010-11-25 07:45 10056 ----a-w- c:\windows\system32\oodbsrs.dll 2010-11-24 15:08 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-24 15:08 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll 2010-11-22 20:11 . 2010-11-22 20:14 -------- d-----w- c:\users\***\AppData\Roaming\DAEMON Tools Lite 2010-11-20 22:11 . 2010-11-22 20:12 -------- d-----w- c:\programdata\DAEMON Tools Lite 2010-11-20 21:50 . 2010-11-20 21:50 -------- d-----w- c:\users\***\AppData\Roaming\GrabPro 2010-11-20 21:43 . 2010-11-20 21:45 -------- d-----w- c:\users\***\AppData\Local\Deployment 2010-11-19 22:51 . 2010-11-19 22:53 -------- d-----w- c:\users\***\AppData\Roaming\mIRC 2010-11-19 22:46 . 2010-11-19 22:50 -------- d-----w- c:\users\***\AppData\Roaming\Steganos 2010-11-19 22:42 . 2010-11-19 22:43 -------- d-----w- c:\users\***\AppData\Roaming\codeblocks 2010-11-19 22:40 . 2010-11-19 22:42 -------- d-----w- c:\users\***\AppData\Roaming\Process Hacker 2010-11-19 22:24 . 2010-11-19 22:24 62931 ----a-w- c:\users\***\AppData\Roaming\***3SQLite3.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-10 11:03 . 2010-08-14 08:08 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2010-11-19 15:53 . 2010-10-22 16:33 34624 ----a-w- c:\windows\system32\TURegOpt.exe 2010-11-02 16:38 . 
2010-11-02 16:23 235248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2010-11-02 16:38 . 2010-11-02 16:23 235248 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2010-10-30 14:39 . 2010-10-30 14:39 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2010-10-30 14:39 . 2010-10-30 14:39 2373712 ----a-w- c:\windows\SysWow64\pbsvc.exe 2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll 2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll 2010-10-08 08:47 . 2010-08-14 08:16 2159720 ----a-w- c:\windows\system32\nvapi64.dll 2010-10-08 08:47 . 2010-08-14 08:16 1718376 ----a-w- c:\windows\SysWow64\nvapi.dll 2010-10-08 01:22 . 2010-10-08 01:22 5891176 ----a-w- c:\windows\system32\nvcpl.dll 2010-10-08 01:21 . 2010-10-08 01:21 2590824 ----a-w- c:\windows\system32\nvsvc64.dll 2010-10-08 01:20 . 2010-10-08 01:20 116328 ----a-w- c:\windows\system32\nvmctray.dll 2010-10-08 01:20 . 2010-10-08 01:20 990312 ----a-w- c:\windows\system32\nvvsvc.exe 2010-10-08 01:20 . 2010-10-08 01:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll 2010-09-30 17:16 . 2010-09-30 17:16 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2010-09-24 19:26 . 2010-09-24 19:26 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2010-09-24 19:26 . 2010-09-24 19:26 122968 ----a-w- c:\windows\system32\OpenAL32.dll 2010-09-24 19:26 . 2010-09-24 19:26 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2010-09-24 19:26 . 2010-09-24 19:26 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-22 19:06 . 2010-09-22 19:06 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2010-09-21 12:49 . 2010-09-21 12:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL 2010-09-21 12:03 . 
2010-09-21 12:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL 2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WhatPulse"="d:\program files (x86)\WhatPulse\WhatPulse.exe" [2010-08-09 2922496] "IDMan"="d:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-09-29 3249504] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVP"="d:\program files (x86)\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120] c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableLockWorkstation"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFolderInfo"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\AVP9\mzvkbd3.dll c:\progra~3\AVP9\sbhook.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Bonus.SSR.FR10"="d:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun "BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dump_wmimmc;dump_wmimmc;d:\program files (x86)\FLYFF\GameGuard\dump_wmimmc.sys [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1255736] R3 X6va003;X6va003;c:\users\***\AppData\Local\Temp\003C138.tmp [x] R4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-21 814344] R4 CGVPNCliSrvc;CyberGhost VPN 
Client;d:\programme\CyberGhost VPN\CGVPNCliService.exe [2010-06-25 2398856] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 0] R4 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2010-02-04 29184] R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-06-24 341312] R4 OODefragAgent;O&O Defrag;d:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200] R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-20 37392] S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-27 828912] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 139840] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2010-02-04 1039360] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856] . 
Inhalt des "geplante Tasks" Ordners 2010-10-22 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job - d:\program files (x86)\TuneUp Utilities 2011\OneClick.exe [2010-11-19 15:54] 2010-10-22 c:\windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job - c:\windows\explorer.exe [2010-08-14 06:34] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2010-12-09 05:40 82648 ----a-w- d:\program files (x86)\Internet Download Manager\IDMShellExt64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\cofi\CF16794.cfxxe" [X] "EvtMgr6"="d:\programme\SetPointP\SetPoint.exe" [2010-10-28 1680976] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.sharewareisland.com mStart Page = hxxp://www.sharewareisland.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=;ftp=;https=; uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: An OneNote s&enden - d:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Download aller Links mit IDM - d:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download FLV-Videoinhalt mit IDM - d:\program files (x86)\Internet Download Manager\IEGetVL.htm IE: Download mit IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm IE: Nach Microsoft E&xcel exportieren - d:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003] "ImagePath"="\??\c:\users\***\AppData\Local\Temp\003C138.tmp" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] 
"OODEFRAG14.00.00.01PROFESSIONAL"="94075E471927A8C8CF34CCED52EF0B247F85530C72E9B7E0DD99396EB8E9F1D8EDBFFC420ED6A304A407B389B7970092FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5555D575E7D6A3B9808C038D530D6EB3452EB43448A1F3973AC85FD99D3E47430E553C05F743C0BBFCA3E27EA8D6451EAACDBC3F0AB2EF3C4841DB0E4322EE9518D816A61A2F9B938A85EFCA229F20B041BB2818F7A2992F7119267578948BC71FB9A95998719B9D73676D1A0AF87CFA5FDF782AEEBCBFCF23D3EB5564511711D23E981E42238CEF80AE4325C57243C12B1BBBF010C1951804AFD20EE642B43CAC7BCE349073C6D578D079EF36A0CA5EDE68A28D9F7545ECE4D3424CCFA7A9ED006E5636E5E4AC21281428DA6C54713C3A0FC1EB462882A71AFC53046AE2CA468C83D1D9F65CF2AAFF77CE6DAD921BF7F35A7F6B091026B5C2C1C2650BBACAC34D31D9FCD6BF83997D7A208992CAC1C73D32B7C0DDF5190EAD5255E06F1AD3EB6BB63EF0B55BB3416DB23428ED63B4A55F8A5ED32BBCCB95D8FD223A634A697566B7306919A4E97DB92F25A8B85E4A2BD7ABB7CA8268CB953931B3415F8D1A9DE20334EBBC8AA90FC5E098805FB87B1AAFE97CD1FB66E1BD5EC7644D7CC2C9B00EB0E2809FE1281F1F661FA930D42357D8265FB6597139ACCFE63F91A4E78C5CC34F1671FF185819766FB52F42379217AD55596F386DF2688FB63EFAAB0BCB6BDB15255C46A4E5BAD8C5BA389BBD51ECC1B1C9DE3D67EE4BA6F7CB67CBBC32DACF426ACE5C2750DD91B88F756E7C28680CA720972EC5B2EF9B33850A6CA1B2259DD669D92EC4CC822988D4C054DF0E908B115C102C5280F40F8A3B3644B153E68A1934CFE6EE376F4E0FB12E0A3538BB76E45A598ECD8C76CC6504C93C3C7DC5F4B2FD1835D142FA2A1652EDC392464C97446866106A8CC40F4D47938C80D122CB840B81A65F8C15FDEE2788BEF5E1F5B0C612B27469246E22FCA0DF78682A21B9AD081E3C9713242EE903FA7BCC11CED5163CDDD7AD891DDF6CE4F1FBB8C07E1F6F0A0A4DC9F35C97B8C448C29526D66349D1B1CFD80BEA021837A1B3DCF6E9728B1FDC507EBB5D4857AB93DD05ADA0FF763B69945D213FCD58E3E8070B539365DAAF4504400D2A7DD034B5D67E2DF95358E363655DD052A13193D05D16DFD1F15F65676A54CDE6C2C5215B430BDAD09D5FBA2724970C4C0A8CF8E0470E90594A634668A4E83DFADE997A832857FA5E01B8A7B75CE22AE40BB66BC7CEF5F4CBDBC85DB86F89C10DC68050AE5D3806077989FB187A74A5A8CC412C68F07C80527D3916484EED3DF4
EC754B2841EDB2A07B6A42B982B078EE9910B2108806516BE3F039EC492A6EFB980BF8F6777F0013430" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\srvany.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-12-19 22:16:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-12-19 21:16 Vor Suchlauf: 2.254.254.080 Bytes frei Nach Suchlauf: 2.338.951.168 Bytes frei - - End Of File - - D72EB7FEFF54BAE17CE969DEE0BA7EE9 |
20.12.2010, 08:29 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run dialog cannot be opened (Win7 x64) [solved]
Combofix - Scripting
1. Start Notepad (Start / Run / notepad [Enter]).
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!
Code:
File::
c:\users\***\AppData\Local\Temp\003C138.tmp

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]

Driver::
X6va003

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
22.12.2010, 21:56 | #13 |
Banned | Run dialog cannot be opened (Win7 x64) [solved] Code:
ATTFilter ComboFix 10-12-18.02 - *** 22.12.2010 20:37:56.2.1 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.1024.257 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt AV: Kaspersky Security Suite CBE 10 *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Security Suite CBE 10 *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Security Suite CBE 10 *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt FILE :: "c:\users\***\AppData\Local\Temp\003C138.tmp" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Eventuell infizierte Webseiten ----- hxxp://email.***.at (Email meiner Schule) . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_X6VA003 -------\Service_X6va003 ((((((((((((((((((((((( Dateien erstellt von 2010-11-22 bis 2010-12-22 )))))))))))))))))))))))))))))) . 2010-12-22 19:49 . 2010-12-22 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-21 20:09 . 2010-12-21 20:09 -------- d-----w- c:\users\***\AppData\Local\TechHit 2010-12-19 18:16 . 2010-05-12 08:42 631616 ----a-w- C:\MSVCP100D.dll 2010-12-19 18:14 . 2010-05-12 08:42 631616 ----a-w- c:\windows\system32\MSVCP100D.dll 2010-12-17 21:28 . 2010-01-06 12:13 506368 ----a-w- c:\windows\SysWow64\sqlite3.dll 2010-12-16 15:53 . 1998-10-09 12:02 75776 ----a-w- c:\windows\SysWow64\DWSPY36.dll 2010-12-16 15:53 . 1998-09-01 00:09 140800 ----a-w- c:\windows\SysWow64\DWSHK36.OCX 2010-12-16 14:22 . 2010-12-16 14:22 -------- d-----w- C:\_OTL 2010-12-15 20:42 . 
2010-12-18 12:06 -------- d-----w- c:\users\***\AppData\Roaming\IDM 2010-12-15 20:42 . 2010-12-22 19:33 -------- d-----w- c:\users\***\AppData\Roaming\DMCache 2010-12-15 17:12 . 2010-12-15 17:12 -------- d-----w- c:\users\***\AppData\Roaming\Apowersoft 2010-12-15 16:33 . 2010-12-15 16:33 -------- d-----w- c:\users\***\AppData\Roaming\GetRightToGo 2010-12-15 16:21 . 2009-09-27 08:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll 2010-12-15 16:21 . 2004-02-22 09:11 719872 ----a-w- c:\windows\SysWow64\devil.dll 2010-12-15 16:21 . 2004-01-24 23:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll 2010-12-15 16:21 . 2010-12-15 16:21 -------- d-----w- c:\program files (x86)\AviSynth 2.5 2010-12-15 16:13 . 2010-12-15 16:13 -------- d-----w- C:\AV_LOGS 2010-12-15 14:39 . 2010-12-15 14:39 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-12-15 14:39 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-15 14:39 . 2010-12-15 14:39 -------- d-----w- c:\programdata\Malwarebytes 2010-12-15 14:38 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-14 19:26 . 2010-12-19 20:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-12-14 15:33 . 2010-12-14 15:33 -------- d-----w- c:\users\***\AppData\Roaming\.bsnes 2010-12-11 13:14 . 2010-12-11 14:14 -------- d-----w- c:\windows\system32\oodag 2010-12-11 12:04 . 2010-12-11 12:04 -------- d-----w- c:\users\***\AppData\Roaming\Verimount 2010-12-11 11:50 . 2010-12-11 11:50 -------- d-----w- c:\users\***\AppData\Local\O&O 2010-12-11 11:48 . 2010-12-11 11:48 -------- d-----w- c:\users\***\AppData\Local\Downloaded Installations 2010-12-11 11:38 . 2010-12-11 11:38 -------- d-----w- C:\downloads 2010-12-10 21:02 . 2010-03-15 10:31 191488 ----a-w- c:\windows\system32\unrar.dll 2010-12-10 21:02 . 2010-11-24 18:00 136704 ----a-w- c:\windows\system32\ff_vfw.dll 2010-12-10 14:58 . 
2010-12-10 15:06 -------- d-----w- c:\users\***\AppData\Local\QuickPar 2010-12-10 11:19 . 2010-12-10 11:19 53248 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2010-12-10 11:05 . 2010-12-10 11:05 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd 2010-12-10 11:04 . 2010-12-10 11:04 -------- d-----w- c:\users\***\AppData\Local\Logishrd 2010-12-10 10:04 . 2008-09-24 19:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm 2010-12-10 10:04 . 2010-11-24 08:00 108032 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2010-12-10 10:04 . 2010-06-08 17:10 790528 ----a-w- c:\windows\SysWow64\xvidcore.dll 2010-12-10 10:04 . 2010-06-08 17:10 134144 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2010-12-10 10:04 . 2010-01-17 16:18 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2010-12-10 10:04 . 2004-01-24 23:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll 2010-12-09 08:02 . 2010-12-09 05:40 139840 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2010-12-05 16:36 . 2010-11-19 15:49 36160 ----a-w- c:\windows\system32\uxtuneup.dll 2010-12-05 16:36 . 2010-11-19 15:49 25920 ----a-w- c:\windows\system32\authuitu.dll 2010-12-05 16:36 . 2010-11-19 15:49 21312 ----a-w- c:\windows\SysWow64\authuitu.dll 2010-12-05 16:36 . 2010-11-19 15:49 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2010-12-02 19:23 . 2010-12-02 19:23 -------- d-----w- c:\program files (x86)\HI-TECH Software 2010-12-02 19:21 . 2000-01-28 17:17 557328 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll 2010-12-02 19:18 . 2010-12-02 19:18 -------- d-----w- c:\program files\National Instruments 2010-12-02 19:14 . 2010-12-10 09:38 -------- d-----w- c:\programdata\National Instruments 2010-12-02 17:53 . 2010-12-02 19:14 -------- d-----w- c:\users\***\.netbeans 2010-12-02 17:53 . 2010-12-02 17:53 -------- d-----w- c:\users\***\.netbeans-registration 2010-12-02 17:17 . 2010-12-02 17:58 -------- d-----w- c:\users\***\.nbi 2010-12-02 17:15 . 
2010-12-02 17:14 521448 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-29 19:15 . 2010-11-29 19:15 -------- d-----w- c:\users\***\AppData\Roaming\KC Softwares 2010-11-27 20:55 . 2010-11-27 20:55 -------- d-----w- c:\programdata\createpart 2010-11-27 20:54 . 2010-11-27 20:54 -------- d-----w- c:\programdata\explauncher 2010-11-27 20:54 . 2010-11-27 20:54 -------- d-----w- c:\programdata\launcher 2010-11-27 20:20 . 2010-05-20 14:26 37392 ----a-w- c:\windows\system32\drivers\hotcore3.sys 2010-11-25 07:47 . 2010-11-25 07:47 2250568 ----a-w- c:\windows\system32\ooscrsav.scr 2010-11-25 07:46 . 2010-11-25 07:46 349512 ----a-w- c:\windows\system32\oodbs.exe 2010-11-25 07:45 . 2010-11-25 07:45 535880 ----a-w- c:\windows\system32\oodssrs.dll 2010-11-25 07:45 . 2010-11-25 07:45 10056 ----a-w- c:\windows\system32\oodbsrs.dll 2010-11-24 15:08 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-24 15:08 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-10 11:03 . 2010-08-14 08:08 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2010-11-19 22:24 . 2010-11-19 22:24 62931 ----a-w- c:\users\***\AppData\Roaming\***3SQLite3.dll 2010-11-19 15:53 . 2010-10-22 16:33 34624 ----a-w- c:\windows\system32\TURegOpt.exe 2010-11-02 16:38 . 2010-11-02 16:23 235248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2010-11-02 16:38 . 2010-11-02 16:23 235248 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2010-10-30 14:39 . 2010-10-30 14:39 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2010-10-30 14:39 . 2010-10-30 14:39 2373712 ----a-w- c:\windows\SysWow64\pbsvc.exe 2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll 2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll 2010-10-08 08:47 . 
2010-11-20 22:35 67176 ----a-w- c:\windows\system32\OpenCL.dll 2010-10-08 08:47 . 2010-11-20 22:35 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll 2010-10-08 08:47 . 2010-11-20 22:35 20280936 ----a-w- c:\windows\system32\nvoglv64.dll 2010-10-08 08:47 . 2010-11-20 22:35 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2010-10-08 08:47 . 2010-11-20 22:35 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll 2010-10-08 08:47 . 2010-11-20 22:35 12397544 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2010-10-08 08:47 . 2010-11-20 22:35 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll 2010-10-08 08:47 . 2010-11-20 22:35 12787816 ----a-w- c:\windows\system32\nvd3dumx.dll 2010-10-08 08:47 . 2010-11-20 22:35 2911848 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2010-10-08 08:47 . 2010-11-20 22:35 10021992 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2010-10-08 08:47 . 2010-11-20 22:35 3112552 ----a-w- c:\windows\system32\nvcuvid.dll 2010-10-08 08:47 . 2010-11-20 22:35 2934376 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-10-08 08:47 . 2010-11-20 22:35 6470760 ----a-w- c:\windows\system32\nvcuda.dll 2010-10-08 08:47 . 2010-11-20 22:35 4836456 ----a-w- c:\windows\SysWow64\nvcuda.dll 2010-10-08 08:47 . 2010-11-20 22:35 2666088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2010-10-08 08:47 . 2010-11-20 22:35 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2010-10-08 08:47 . 2010-11-20 22:35 18597480 ----a-w- c:\windows\system32\nvcompiler.dll 2010-10-08 08:47 . 2010-08-14 08:16 2159720 ----a-w- c:\windows\system32\nvapi64.dll 2010-10-08 08:47 . 2010-08-14 08:16 1718376 ----a-w- c:\windows\SysWow64\nvapi.dll 2010-10-08 01:22 . 2010-10-08 01:22 5891176 ----a-w- c:\windows\system32\nvcpl.dll 2010-10-08 01:21 . 2010-10-08 01:21 2590824 ----a-w- c:\windows\system32\nvsvc64.dll 2010-10-08 01:20 . 2010-10-08 01:20 116328 ----a-w- c:\windows\system32\nvmctray.dll 2010-10-08 01:20 . 2010-10-08 01:20 990312 ----a-w- c:\windows\system32\nvvsvc.exe 2010-10-08 01:20 . 
2010-10-08 01:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll 2010-09-30 17:16 . 2010-09-30 17:16 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2010-09-24 19:26 . 2010-09-24 19:26 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2010-09-24 19:26 . 2010-09-24 19:26 122968 ----a-w- c:\windows\system32\OpenAL32.dll 2010-09-24 19:26 . 2010-09-24 19:26 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2010-09-24 19:26 . 2010-09-24 19:26 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll . ((((((((((((((((((((((((((((( SnapShot@2010-12-19_21.13.34 ))))))))))))))))))))))))))))))))))))))))) . - 2010-08-13 20:24 . 2010-12-19 20:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-13 20:24 . 2010-12-21 17:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-17 18:10 . 2010-12-21 17:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-17 18:10 . 2010-12-19 20:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2010-12-21 17:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2010-12-19 20:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-21 17:43 . 2010-12-22 19:49 5510 c:\windows\SoftwareDistribution\PostRebootEventCache\{B198D0BD-84DE-49DF-87F6-FF49AEECEDA6}.bin - 2010-12-19 21:10 . 2010-12-19 21:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-22 19:52 . 
2010-12-22 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-22 19:52 . 2010-12-22 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-12-19 21:10 . 2010-12-19 21:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:34 . 2010-12-22 19:49 10125312 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2010-12-19 21:07 10125312 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2010-12-22 19:49 . 2010-12-22 19:49 10125312 c:\windows\ERDNT\subs\SCHEMA.DAT - 2010-12-19 21:07 . 2010-12-19 21:07 10125312 c:\windows\ERDNT\subs\SCHEMA.DAT - 2010-12-19 20:56 . 2010-12-19 20:56 10125312 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT + 2010-12-22 19:36 . 2010-12-22 19:36 10125312 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WhatPulse"="d:\program files (x86)\WhatPulse\WhatPulse.exe" [2010-08-09 2922496] "IDMan"="d:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-09-29 3249504] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVP"="d:\program files (x86)\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120] c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . 
Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableLockWorkstation"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFolderInfo"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\AVP9\mzvkbd3.dll c:\progra~3\AVP9\sbhook.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Bonus.SSR.FR10"="d:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun "BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 
dump_wmimmc;dump_wmimmc;d:\program files (x86)\FLYFF\GameGuard\dump_wmimmc.sys [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1255736] R4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-21 814344] R4 CGVPNCliSrvc;CyberGhost VPN Client;d:\programme\CyberGhost VPN\CGVPNCliService.exe [2010-06-25 2398856] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 0] R4 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2010-02-04 29184] R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-06-24 341312] R4 OODefragAgent;O&O Defrag;d:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200] R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-20 37392] S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys 
[2009-10-14 40464] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-27 828912] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 139840] S2 KMService;KMService;c:\windows\system32\srvany.exe [x] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2010-02-04 1039360] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856] . Inhalt des "geplante Tasks" Ordners 2010-10-22 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job - d:\program files (x86)\TuneUp Utilities 2011\OneClick.exe [2010-11-19 15:54] 2010-10-22 c:\windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job - c:\windows\explorer.exe [2010-08-14 06:34] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2010-12-09 05:40 82648 ----a-w- d:\program files (x86)\Internet Download Manager\IDMShellExt64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\cofi\CF28308.cfxxe" [X] "EvtMgr6"="d:\programme\SetPointP\SetPoint.exe" [2010-10-28 1680976] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.sharewareisland.com mStart Page = hxxp://www.sharewareisland.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=;ftp=;https=; uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: An OneNote s&enden - d:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Download aller Links mit IDM - d:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download FLV-Videoinhalt mit IDM - d:\program files (x86)\Internet Download Manager\IEGetVL.htm IE: Download mit IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm IE: Hinzufügen zu Anti-Banner - d:\program files (x86)\Kaspersky Security Suite CBE 10\ie_banner_deny.htm IE: Nach Microsoft E&xcel exportieren - d:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System
ow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\srvany.exe
d:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-22 20:59:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-12-22 19:59
ComboFix2.txt 2010-12-19 21:16
Vor Suchlauf: 557.850.624 Bytes frei
Nach Suchlauf: 2.037.235.712 Bytes frei
- - End Of File - - 4AC6F4091147E307B9CA64FDA96E281B |
22.12.2010, 22:04 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run dialog cannot be opened (Win7 x64) [solved] OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
26.12.2010, 18:15 | #15 |
Banned | Run dialog cannot be opened (Win7 x64) [solved] Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-26 18:08:31
Windows 6.1.7600
Running: k84lboh7.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x86 0x09 0x9B 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 d:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0x03 0x32 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x4D 0x0E 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x86 0x09 0x9B 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 d:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0x03 0x32 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x4D 0x0E 0x1B ...

---- EOF - GMER 1.0.15 ----

Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 64-bit Logical Drives Mask: 0x00040ffd Kernel Drivers (total 175): 0x02A13000 \SystemRoot\system32\ntoskrnl.exe 0x02FEF000 \SystemRoot\system32\hal.dll 0x00BC7000 \SystemRoot\system32\kdcom.dll 0x00C30000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x00C3D000 \SystemRoot\system32\PSHED.dll 0x00C51000 \SystemRoot\system32\CLFS.SYS 0x00CAF000 \SystemRoot\system32\CI.dll 0x00EC3000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F67000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x0101E000 \SystemRoot\System32\Drivers\sphc.sys 0x01145000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x0114E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x0117D000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x011D4000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x011DE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00F76000 \SystemRoot\system32\DRIVERS\pci.sys 0x011EB000 \SystemRoot\System32\drivers\partmgr.sys 0x01000000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00E5C000 \SystemRoot\system32\DRIVERS\nvraid.sys 0x00E85000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01015000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00FA9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00FB9000 \SystemRoot\System32\drivers\mountmgr.sys 0x00FD3000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00D6F000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00FDC000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x00D99000 \SystemRoot\system32\drivers\fltmgr.sys 0x00FE7000 \SystemRoot\system32\drivers\fileinfo.sys 0x01230000 \SystemRoot\System32\Drivers\Ntfs.sys 0x014BC000 \SystemRoot\System32\Drivers\msrpc.sys 0x0151A000 \SystemRoot\System32\Drivers\ksecdd.sys 0x01534000 \SystemRoot\System32\Drivers\cng.sys 0x015A7000 \SystemRoot\System32\drivers\pcw.sys 0x015B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x0162F000 \SystemRoot\system32\drivers\ndis.sys 
0x01721000 \SystemRoot\system32\drivers\NETIO.SYS 0x01781000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01800000 \SystemRoot\System32\drivers\tcpip.sys 0x017AC000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x01610000 \SystemRoot\System32\Drivers\spldr.sys 0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys 0x01618000 \SystemRoot\System32\Drivers\mup.sys 0x01486000 \SystemRoot\system32\DRIVERS\klbg.sys 0x017F6000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01494000 \SystemRoot\system32\DRIVERS\hotcore3.sys 0x015C2000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x014A0000 \SystemRoot\system32\DRIVERS\disk.sys 0x00C00000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x03AD2000 \SystemRoot\system32\DRIVERS\klif.sys 0x03B2F000 \SystemRoot\System32\Drivers\Null.SYS 0x03B38000 \SystemRoot\System32\Drivers\Beep.SYS 0x03B3F000 \SystemRoot\System32\drivers\vga.sys 0x03B4D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x03B72000 \SystemRoot\System32\drivers\watchdog.sys 0x03B82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x03B8B000 \SystemRoot\system32\drivers\rdpencdd.sys 0x03B94000 \SystemRoot\system32\drivers\rdprefmp.sys 0x03B9D000 \SystemRoot\System32\Drivers\Msfs.SYS 0x03BA8000 \SystemRoot\System32\Drivers\Npfs.SYS 0x03BB9000 \SystemRoot\system32\DRIVERS\tdx.sys 0x03BD7000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x03CCF000 \SystemRoot\system32\DRIVERS\kl1.sys 0x03C00000 \SystemRoot\system32\drivers\afd.sys 0x03C8A000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03BE4000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x03A00000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03A26000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x03A3C000 \SystemRoot\system32\DRIVERS\klim6.sys 0x03A46000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03A55000 \SystemRoot\system32\DRIVERS\serial.sys 0x03A72000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03A8D000 \SystemRoot\System32\drivers\truecrypt.sys 0x01213000 
\SystemRoot\system32\DRIVERS\termdd.sys 0x0366E000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x036BF000 \SystemRoot\system32\drivers\nsiproxy.sys 0x036CB000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x036D6000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x036E1000 \SystemRoot\System32\drivers\discache.sys 0x036F0000 \SystemRoot\system32\drivers\csc.sys 0x03773000 \SystemRoot\System32\Drivers\dfsc.sys 0x03791000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x037A2000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x037C8000 \SystemRoot\system32\DRIVERS\amdk8.sys 0x037DF000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x03600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x03656000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x04838000 \SystemRoot\system32\drivers\RTKVAC64.SYS 0x04B8B000 \SystemRoot\system32\drivers\portcls.sys 0x04BC8000 \SystemRoot\system32\drivers\drmk.sys 0x04452000 \SystemRoot\system32\drivers\ks.sys 0x04495000 \SystemRoot\system32\drivers\ksthunk.sys 0x0449B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x044A8000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x044E6000 \SystemRoot\system32\DRIVERS\nvm62x64.sys 0x0562D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x05600000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x042A9000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x0439D000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04200000 \SystemRoot\System32\Drivers\a5w89egs.SYS 0x04245000 \SystemRoot\system32\DRIVERS\fdc.sys 0x04252000 \SystemRoot\system32\DRIVERS\serenum.sys 0x0425E000 \SystemRoot\system32\DRIVERS\irsir.sys 0x0426A000 \SystemRoot\system32\drivers\irenum.sys 0x04273000 \SystemRoot\system32\DRIVERS\parport.sys 0x04290000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x043E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x05602000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x0454A000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x04556000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x04585000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x045A0000 
\SystemRoot\system32\DRIVERS\raspptp.sys 0x045C1000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x045DB000 \SystemRoot\system32\DRIVERS\tap0901.sys 0x045E8000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x04400000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x0440F000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x0441E000 \SystemRoot\system32\DRIVERS\VClone.sys 0x043F9000 \SystemRoot\system32\DRIVERS\swenum.sys 0x0442D000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04C18000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04C72000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x04C7D000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04C92000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x04CAD000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x04CAF000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x04CCC000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x04CDA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x04CF3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x04CFC000 \SystemRoot\System32\Drivers\LUsbFilt.Sys 0x04D0C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0x04D21000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x0504A000 \SystemRoot\system32\DRIVERS\netr7364.sys 0x05103000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x00050000 \SystemRoot\System32\win32k.sys 0x05110000 \SystemRoot\System32\drivers\Dxapi.sys 0x0511C000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x05139000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004E0000 \SystemRoot\System32\TSDDD.dll 0x00780000 \SystemRoot\System32\cdd.dll 0x05147000 \SystemRoot\System32\Drivers\crashdmp.sys 0x05155000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x05161000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x0516A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x008B0000 \SystemRoot\System32\ATMFD.DLL 0x0517D000 \SystemRoot\system32\drivers\WudfPf.sys 0x0519E000 \SystemRoot\system32\DRIVERS\irda.sys 0x051C1000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x04D5A000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x051D6000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x05000000 
\SystemRoot\system32\DRIVERS\rspndr.sys 0x024A0000 \SystemRoot\system32\drivers\HTTP.sys 0x02568000 \SystemRoot\system32\DRIVERS\bowser.sys 0x02586000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x02400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0244E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x02471000 \SystemRoot\system32\DRIVERS\idmwfp.sys 0x02836000 \SystemRoot\system32\drivers\peauth.sys 0x028DC000 \SystemRoot\System32\Drivers\secdrv.SYS 0x028E7000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x02914000 \SystemRoot\System32\drivers\tcpipreg.sys 0x02997000 \SystemRoot\System32\DRIVERS\srv2.sys 0x032BE000 \SystemRoot\System32\DRIVERS\srv.sys 0x03354000 \??\D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys 0x0335C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x0338D000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x03200000 \SystemRoot\System32\Drivers\fastfat.SYS 0x033B3000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x033C0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0x033D4000 \SystemRoot\system32\DRIVERS\klmouflt.sys 0x77A50000 \Windows\System32\ntdll.dll 0x47D10000 \Windows\System32\smss.exe 0xFFD70000 \Windows\System32\apisetschema.dll Processes (total 39): 0 System Idle Process 4 System 300 C:\Windows\System32\smss.exe 484 csrss.exe 532 C:\Windows\System32\wininit.exe 544 csrss.exe 592 C:\Windows\System32\services.exe 600 C:\Windows\System32\lsass.exe 608 C:\Windows\System32\lsm.exe 636 C:\Windows\System32\winlogon.exe 760 C:\Windows\System32\svchost.exe 844 C:\Windows\System32\svchost.exe 892 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\svchost.exe 420 C:\Windows\System32\svchost.exe 1048 C:\Windows\servicing\TrustedInstaller.exe 1088 C:\Windows\System32\svchost.exe 1200 C:\Windows\System32\svchost.exe 1276 C:\Windows\System32\spoolsv.exe 1304 C:\Windows\System32\svchost.exe 1416 C:\Windows\SysWOW64\srvany.exe 1444 C:\Windows\System32\lxducoms.exe 1460 C:\Windows\System32\conhost.exe 1692 D:\Program Files (x86)\TuneUp 
Utilities 2011\TuneUpUtilitiesService64.exe
1720 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1832 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2060 C:\Windows\System32\svchost.exe
2164 WUDFHost.exe
2800 C:\Windows\System32\dwm.exe
2848 C:\Windows\explorer.exe
1928 D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
1016 D:\Programme\SetPointP\SetPoint.exe
2496 D:\Program Files (x86)\WhatPulse\WhatPulse.exe
2904 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
2936 C:\Windows\System32\svchost.exe
744 D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
4004 D:\Programme\Opera 10.50 Beta\opera.exe
3844 C:\Users\Messna\Desktop\MBRCheck.exe
1404 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`53436200 (NTFS)
\\.\S: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3200822AS, Rev: 3.01
PhysicalDrive1 Model Number: ST3200822AS, Rev: 3.01

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
186 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done! |