| |
| |||||||
Log-Analyse und Auswertung: Win32.parite. In Winrar. logfile erstellt!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.04.2010, 21:50
| #1 |
| |  Win32.parite. In Winrar. logfile erstellt! also seit gestern/heute meint mein avast das in meinem winrar ordner C:\Program Files\WinRAR\scvhost.exe das befindet. und sagt auserdem Win32:Parite. doch soweit ich weis ist das eigentlich ein windows dienst für die updates usw. hat jemand da ne lösung für? hier der HijackThis logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:40:49, on 12.04.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\SOUNDMAN.EXE C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing) O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6417 bytes |
|
13.04.2010, 12:01
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Win32.parite. In Winrar. logfile erstellt! Hallo und
__________________ Zitat:
__________________ |
|
13.04.2010, 13:30
| #3 |
| | Win32.parite. In Winrar. logfile erstellt! lustiger weise ja...
__________________aber mit nem keks  liegt daran? ich nehm auch gern weider 7zip  |
|
13.04.2010, 13:32
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32.parite. In Winrar. logfile erstellt! Was lustigerweise ja? Bitte so schreiben, dass man nicht herumraten musst was Du meinst.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.04.2010, 14:16
| #5 |
| | Win32.parite. In Winrar. logfile erstellt! ja gut. war so auszulegen weil du fragstest ob ich winrar von der hp des herstellers habe deswegen lustiger weise ja... ich kanns das ding aber auch mit avast nicht löschen in den container verschieben oder sonst was machen. sagt dann immer : Kann datei "c:\programm files\winrar\scvhost.exe" nicht bearbeiten. woran liegt das? |
|
13.04.2010, 14:54
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32.parite. In Winrar. logfile erstellt! Müssen wir analysieren. Hinweis: Du nutzt ein 64-Bit-Windows. Viele Tools, die wir hier als Hilfsmittel zum Bereinigen einsetzen, sind mit nem 64-Bit-Windows nicht kompatibel - das macht eine Bereinigung schwerer als sie ohnehin schon ist. Mach bitte einen Durchgang mit Malwarebytes und poste das Log.
__________________ --> Win32.parite. In Winrar. logfile erstellt! |
|
13.04.2010, 15:22
| #7 |
| | Win32.parite. In Winrar. logfile erstellt! soo habs gescannt: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3984 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 13.04.2010 16:20:34 mbam-log-2010-04-13 (16-20-34).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 110698 Laufzeit: 2 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) sieht nachnichts aus das eine müsste ja HijackThis sein wenn ich das so richtig interpretiere kanns sein das avast das vll als virus erkennt da ja dinge darüber gesendet werden? soweit ich weis ist das keine spezielle 64 bit version für win 7. liegts womöglich daran? |
|
13.04.2010, 15:23
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32.parite. In Winrar. logfile erstellt! Mach bitte einen Vollscan.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.04.2010, 17:24
| #9 |
| | Win32.parite. In Winrar. logfile erstellt! sooo hier der vollscann. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3984 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 13.04.2010 18:23:00 mbam-log-2010-04-13 (18-23-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 255107 Laufzeit: 27 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) irgentwie finden die nichts hmmmm komisch. danke schonmal an dieser stelle für die bemühungen. |
|
13.04.2010, 19:41
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32.parite. In Winrar. logfile erstellt! Ok, dann mach bitte Logs mit OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.04.2010, 20:14
| #11 |
| | Win32.parite. In Winrar. logfile erstellt! soooo auch hier die scanns aber scheint clean auf den ersten blick kann ja auch sein das avast "dumm" ist OTL Extras logfile created on: 13.04.2010 21:06:13 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Dome\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 157,36 Gb Free Space | 67,57% Space Free | Partition Type: NTFS Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUEDEN Current User Name: Dome Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper "C-Media PCI Audio Driver" = C-Media PCI Audio Device "Defraggler" = Defraggler "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ "{D79A717E-073E-4FDA-A854-BF81D7A52297}_is1" = Source Dedicated Server DZ "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX "{E63A550D-7A75-462C-B495-D77F0808D083}" = SpellForce 2 - Shadow Wars "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast!" = avast! Antivirus "Counter-Strike 1.6 V40.1" = Counter-Strike 1.6 V40.1 "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "Foxit Reader" = Foxit Reader "HijackThis" = HijackThis 2.0.2 "JDownloader" = JDownloader "Listenserver Erweiterungssystem" = Listenserver Erweiterungssystem "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary avast! Firewall Core Firewall Service. System Error: Das System kann die angegebene Datei nicht finden. . Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary aswRdr. System Error: Das System kann die angegebene Datei nicht finden. . Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary aswSnx. System Error: Das System kann die angegebene Datei nicht finden. . Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: Das System kann die angegebene Datei nicht finden. . Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support. System Error: Das System kann die angegebene Datei nicht finden. . Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service avast! Antivirus since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 06.04.2010 15:13:21 | Computer Name = sueden | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: LMonitor.exe, Version: 1.0.0.3, Zeitstempel: 0x42d1dd09 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x372d534d ID des fehlerhaften Prozesses: 0x248 Startzeit der fehlerhaften Anwendung: 0x01cad5bd11b2d101 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 76b16527-41b0-11df-bd84-001617172530 Error - 06.04.2010 17:52:58 | Computer Name = sueden | Source = VSS | ID = 12305 Description = Error - 08.04.2010 09:37:38 | Computer Name = sueden | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Logitech\SetPoint\SetPoint.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 08.04.2010 12:21:29 | Computer Name = sueden | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl.exe, Version: 1.1.1.1, Zeitstempel: 0x48feaf5a Name des fehlerhaften Moduls: steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a0fe93e Ausnahmecode: 0xc0000005 Fehleroffset: 0x7270d1a0 ID des fehlerhaften Prozesses: 0xe9c Startzeit der fehlerhaften Anwendung: 0x01cad735ed99f0c4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Counter-Strike 1.6 V40\hl.exe Pfad des fehlerhaften Moduls: steam.dll Berichtskennung: c90e5f12-432a-11df-a0e8-001617172530 [ System Events ] Error - 12.04.2010 09:34:59 | Computer Name = sueden | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 12.04.2010 16:34:11 | Computer Name = sueden | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 12.04.2010 16:35:16 | Computer Name = sueden | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 12.04.2010 16:35:16 | Computer Name = sueden | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 12.04.2010 17:07:40 | Computer Name = sueden | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 13.04.2010 08:15:35 | Computer Name = sueden | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 13.04.2010 08:15:35 | Computer Name = sueden | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 13.04.2010 10:41:00 | Computer Name = sueden | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 13.04.2010 10:42:05 | Computer Name = sueden | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 13.04.2010 10:42:05 | Computer Name = sueden | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 < End of report > |
|
13.04.2010, 20:14
| #12 |
| | Win32.parite. In Winrar. logfile erstellt! und hier der 2te sooo da der 2te: OTL logfile created on: 13.04.2010 21:06:13 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Dome\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 157,36 Gb Free Space | 67,57% Space Free | Partition Type: NTFS Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUEDEN Current User Name: Dome Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Dome\Downloads\OTL.exe (OldTimer Tools) PRC - C:\PROGRA~2\ICQ7.1\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\JetAudio\JetAudio.exe (JetAudio, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Dome\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\RTKVAC64.SYS (Realtek Semiconductor Corp.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech Inc.) DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (lirsgt) -- C:\Windows\SysWOW64\drivers\lirsgt.sys () DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 4F 90 C6 8F D5 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.07 00:12:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.07 00:12:58 | 000,000,000 | ---D | M] [2010.04.06 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Dome\AppData\Roaming\mozilla\Extensions [2010.04.13 14:27:23 | 000,000,000 | ---D | M] -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\5bps0smz.default\extensions [2010.04.07 00:13:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\5bps0smz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.07 00:02:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.DLL (C-Media Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe () O4 - Startup: C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.27 14:05:43 | 002,695,168 | R--- | M] (JoWooD Productions Software AG) - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006.10.27 14:05:43 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{7a9aafd3-4181-11df-a47c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7a9aafd3-4181-11df-a47c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2006.10.27 14:05:43 | 002,695,168 | R--- | M] (JoWooD Productions Software AG) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.13 18:59:07 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\ICQ [2010.04.13 16:13:43 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Malwarebytes [2010.04.13 16:13:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.13 16:13:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.13 16:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.13 16:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.04.12 22:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.04.12 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\Neuer Ordner (2) [2010.04.12 16:34:03 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\SpellForce2 [2010.04.12 16:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpellForce [2010.04.12 15:52:01 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\Neuer Ordner [2010.04.09 16:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2010.04.08 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\My Games [2010.04.08 16:54:20 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\ICQ [2010.04.08 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\AOL [2010.04.08 16:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.1 [2010.04.08 15:37:33 | 000,228,864 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\kemutb.dll [2010.04.08 15:37:33 | 000,218,112 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\KemUtil.dll [2010.04.08 15:37:33 | 000,152,064 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\KemWnd.dll [2010.04.08 15:37:33 | 000,072,192 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\KemXML.dll [2010.04.08 15:37:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Logitech [2010.04.08 15:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2010.04.08 15:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.04.08 15:25:09 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CMICNFG3.dll [2010.04.08 15:25:09 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\CMPaOxy.dll [2010.04.08 15:24:04 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll [2010.04.07 20:31:25 | 000,475,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\AlcUpd64.exe [2010.04.07 20:30:39 | 000,524,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2010.04.07 20:30:39 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe [2010.04.07 20:03:29 | 000,022,216 | ---- | C] (Licensed for Gebhard Software) -- C:\Windows\SysNative\drivers\DRHARD64.sys [2010.04.07 20:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dr. Hardware 2010 [2010.04.06 23:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek AC97 [2010.04.06 21:10:15 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe [2010.04.06 20:54:01 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\ElevatedDiagnostics [2010.04.06 20:44:55 | 000,027,216 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2010.04.06 20:44:52 | 000,053,840 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2010.04.06 20:44:46 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\AvastSS.scr [2010.04.06 20:44:45 | 000,089,680 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2010.04.06 20:44:45 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2010.04.06 20:44:43 | 000,065,616 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2010.04.06 20:44:13 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe [2010.04.06 20:44:13 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll [2010.04.06 20:44:13 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.dll [2010.04.06 20:44:13 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.dll [2010.04.06 20:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2010.04.06 20:13:01 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2010.04.06 20:13:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.04.06 20:13:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.04.06 20:13:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.04.06 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.04.06 19:40:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010.04.06 19:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.04.06 19:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike 1.6 V40 [2010.04.06 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike Source [2010.04.06 18:53:53 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Leadertech [2010.04.06 18:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2010.04.06 18:53:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2010.04.06 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2010.04.06 18:52:57 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\COWON [2010.04.06 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COWON [2010.04.06 18:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JetAudio [2010.04.06 18:52:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010.04.06 18:51:45 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\InstallShield [2010.04.06 18:51:31 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Logitech [2010.04.06 18:51:31 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Logishrd [2010.04.06 18:32:47 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software [2010.04.06 18:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010.04.06 18:26:23 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\WinRAR [2010.04.06 18:24:46 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2010.04.06 18:11:38 | 000,657,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE [2010.04.06 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.04.06 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2010.04.06 16:59:26 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2010.04.06 16:49:16 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Microsoft Games [2010.04.06 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Mozilla [2010.04.06 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Mozilla [2010.04.06 16:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.04.06 16:36:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.04.06 16:36:04 | 000,000,000 | -HSD | C] -- C:\Boot [2010.04.06 16:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010.04.06 16:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.04.06 16:22:13 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.04.06 16:15:09 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe [2010.04.06 16:15:09 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010.04.06 16:15:09 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010.04.06 16:15:09 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2010.04.06 16:15:08 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2010.04.06 16:15:06 | 021,005,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2010.04.06 16:15:06 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.04.06 16:15:06 | 003,215,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll [2010.04.06 16:15:06 | 002,907,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll [2010.04.06 16:15:06 | 000,384,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2010.04.06 16:15:06 | 000,316,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2010.04.06 16:15:04 | 011,906,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2010.04.06 16:15:04 | 009,386,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2010.04.06 16:15:04 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2010.04.06 16:15:04 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.04.06 16:15:04 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2010.04.06 16:15:04 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.04.06 16:15:02 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2010.04.06 16:15:02 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.04.06 16:15:02 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2010.04.06 16:15:02 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.04.06 16:15:02 | 001,592,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2010.04.06 16:15:02 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2010.04.06 16:15:02 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll [2010.04.06 16:15:02 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll [2010.04.06 16:14:41 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010.04.06 16:08:25 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Macromedia [2010.04.06 16:08:25 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Adobe [2010.04.06 16:08:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010.04.06 16:07:17 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2010.04.06 16:05:32 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2010.04.06 16:02:40 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\DriverGenius [2010.04.06 16:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft [2010.04.06 15:55:08 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\saves [2010.04.06 15:55:06 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.04.06 15:55:05 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.04.06 15:55:03 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.04.06 15:55:03 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.04.06 15:55:02 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.04.06 15:55:02 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.04.06 15:53:25 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010.04.06 15:53:24 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010.04.06 15:53:24 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010.04.06 15:53:24 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010.04.06 15:53:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010.04.06 15:53:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010.04.06 15:53:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010.04.06 15:53:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010.04.06 15:52:59 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.04.06 15:52:58 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.04.06 15:52:58 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010.04.06 15:52:58 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.04.06 15:52:58 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010.04.06 15:52:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.04.06 15:52:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.04.06 15:52:55 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010.04.06 15:52:55 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.04.06 15:52:55 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010.04.06 15:52:55 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.04.06 15:52:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.04.06 15:52:55 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.04.06 15:52:55 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.04.06 15:52:54 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.04.06 15:52:54 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.04.06 15:52:54 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010.04.06 15:52:54 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.04.06 15:52:54 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.04.06 15:52:54 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.04.06 15:52:54 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.04.06 15:52:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.04.06 15:52:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.04.06 15:52:52 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010.04.06 15:52:52 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010.04.06 15:52:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010.04.06 15:52:51 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010.04.06 15:52:50 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010.04.06 15:52:50 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010.04.06 15:52:50 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010.04.06 15:52:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll [2010.04.06 15:52:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll [2010.04.06 15:52:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll [2010.04.06 15:52:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll [2010.04.06 15:52:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll [2010.04.06 15:52:49 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.04.06 15:52:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.04.06 15:52:47 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.04.06 15:52:47 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.04.06 15:52:47 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.04.06 15:52:47 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.04.06 15:52:47 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010.04.06 15:52:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.04.06 15:52:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010.04.06 15:52:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010.04.06 15:52:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010.04.06 15:52:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010.04.06 15:52:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010.04.06 15:52:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010.04.06 15:52:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.04.06 15:46:36 | 000,000,000 | R--D | C] -- C:\Users\Dome\Searches [2010.04.06 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Identities [2010.04.06 15:46:17 | 000,000,000 | R--D | C] -- C:\Users\Dome\Contacts [2010.04.06 15:46:14 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\VirtualStore [2010.04.06 15:46:05 | 000,000,000 | --SD | C] -- C:\Users\Dome\AppData\Roaming\Microsoft [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Videos [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Saved Games [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Pictures [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Music [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Links [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Favorites [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Downloads [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Documents [2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Desktop [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Vorlagen [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\AppData\Local\Verlauf [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\AppData\Local\Temporary Internet Files [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Startmenü [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\SendTo [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Recent [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Netzwerkumgebung [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Lokale Einstellungen [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Documents\Eigene Videos [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Documents\Eigene Musik [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Eigene Dateien [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Documents\Eigene Bilder [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Druckumgebung [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Cookies [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\AppData\Local\Anwendungsdaten [2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Anwendungsdaten [2010.04.06 15:46:05 | 000,000,000 | -H-D | C] -- C:\Users\Dome\AppData [2010.04.06 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Temp [2010.04.06 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Microsoft [2010.04.06 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Media Center Programs [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Recovery [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Programme [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.04.06 15:40:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.04.06 15:37:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010.04.06 15:37:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.03.16 02:53:00 | 014,828,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2010.03.16 02:53:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2010.03.16 02:53:00 | 001,067,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2010.03.16 02:53:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2010.03.16 02:53:00 | 000,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll ========== Files - Modified Within 30 Days ========== [2010.04.13 21:08:59 | 001,048,576 | -HS- | M] () -- C:\Users\Dome\ntuser.dat [2010.04.13 20:12:34 | 000,001,768 | ---- | M] () -- C:\Users\Dome\Desktop\Defraggler.lnk [2010.04.13 19:17:10 | 000,051,003 | ---- | M] () -- C:\Users\Dome\Desktop\ulz.jpg [2010.04.13 16:49:09 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.13 16:49:09 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.13 16:46:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010.04.13 16:42:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.13 16:41:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.13 16:41:43 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2010.04.13 16:40:44 | 002,149,344 | -H-- | M] () -- C:\Users\Dome\AppData\Local\IconCache.db [2010.04.13 16:13:35 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.12 22:40:33 | 000,002,097 | ---- | M] () -- C:\Users\Dome\Desktop\HijackThis.lnk [2010.04.12 16:28:54 | 000,002,289 | ---- | M] () -- C:\Users\Dome\Desktop\Play SpellForce 2 - Shadow Wars.lnk [2010.04.12 15:34:08 | 000,018,048 | ---- | M] () -- C:\Windows\SysWow64\drivers\lirsgt.sys [2010.04.12 15:04:36 | 174,830,100 | ---- | M] () -- C:\Users\Dome\Desktop\spellforce2_update_v102.exe [2010.04.09 16:32:15 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.04.08 19:37:26 | 000,001,160 | -H-- | M] () -- C:\Users\Dome\Desktop\$$JetTHM$$.cache [2010.04.08 17:22:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.04.08 15:42:22 | 000,000,760 | ---- | M] () -- C:\Users\Dome\AppData\Roaming\setup_ldm.iss [2010.04.08 15:39:43 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk [2010.04.08 15:37:35 | 000,001,751 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2010.04.08 15:25:10 | 000,000,188 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.cfl [2010.04.08 15:25:09 | 000,000,138 | ---- | M] () -- C:\Windows\System\Dlap.pfx [2010.04.08 15:25:07 | 000,000,168 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi [2010.04.08 15:24:05 | 000,000,107 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini [2010.04.07 20:30:39 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe [2010.04.07 20:11:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.04.07 20:11:34 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.04.07 20:11:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.04.07 20:11:34 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.04.07 20:11:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.04.07 00:17:10 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000002.regtrans-ms [2010.04.07 00:17:10 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000001.regtrans-ms [2010.04.07 00:17:10 | 000,065,536 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TM.blf [2010.04.07 00:00:23 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000002.regtrans-ms [2010.04.07 00:00:23 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000001.regtrans-ms [2010.04.07 00:00:23 | 000,065,536 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TM.blf [2010.04.06 23:32:23 | 000,033,134 | ---- | M] () -- C:\Users\Dome\AppData\Roaming\UserTile.png [2010.04.06 20:44:55 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk [2010.04.06 20:13:19 | 000,001,021 | ---- | M] () -- C:\Users\Dome\Desktop\JDownloader.lnk [2010.04.06 20:12:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.04.06 20:12:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.04.06 20:12:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.04.06 20:12:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2010.04.06 19:48:50 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk [2010.04.06 19:29:40 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.04.06 19:22:41 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk [2010.04.06 19:22:41 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Half-Life DigitalZone.lnk [2010.04.06 19:19:25 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Half-Life 2.lnk [2010.04.06 19:17:28 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Source Dedicated Server.lnk [2010.04.06 19:16:21 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Quick Server.lnk [2010.04.06 18:59:56 | 000,001,358 | ---- | M] () -- C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2010.04.06 18:52:32 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\jetAudio.lnk [2010.04.06 18:29:54 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll [2010.04.06 17:01:29 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.04.06 16:49:11 | 000,057,560 | ---- | M] () -- C:\Users\Dome\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.06 16:38:52 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.04.06 16:36:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010.04.06 16:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.04.06 16:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.04.06 16:28:24 | 000,065,536 | -HS- | M] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.04.06 16:00:11 | 000,001,115 | ---- | M] () -- C:\Users\Dome\Desktop\Driver Genius Professional Edition.lnk [2010.04.06 15:46:05 | 000,000,020 | -HS- | M] () -- C:\Users\Dome\ntuser.ini [2010.04.06 15:40:57 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.04.06 15:40:57 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.16 08:51:59 | 021,005,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2010.03.16 08:51:59 | 016,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2010.03.16 08:51:59 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.03.16 08:51:59 | 011,906,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2010.03.16 08:51:59 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.03.16 08:51:59 | 009,386,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2010.03.16 08:51:59 | 006,279,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2010.03.16 08:51:59 | 005,444,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2010.03.16 08:51:59 | 004,503,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2010.03.16 08:51:59 | 004,029,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.03.16 08:51:59 | 003,215,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll [2010.03.16 08:51:59 | 002,907,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll [2010.03.16 08:51:59 | 002,893,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2010.03.16 08:51:59 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.03.16 08:51:59 | 002,106,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2010.03.16 08:51:59 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.03.16 08:51:59 | 001,592,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2010.03.16 08:51:59 | 001,296,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2010.03.16 08:51:59 | 000,930,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe [2010.03.16 08:51:59 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE [2010.03.16 08:51:59 | 000,384,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2010.03.16 08:51:59 | 000,316,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll [2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll [2010.03.16 08:51:59 | 000,064,616 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010.03.16 08:51:59 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010.03.16 08:51:59 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2010.03.16 08:51:59 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2010.03.16 02:53:00 | 014,828,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2010.03.16 02:53:00 | 001,515,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2010.03.16 02:53:00 | 001,067,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2010.03.16 02:53:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2010.03.16 02:53:00 | 000,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2010.03.16 02:52:54 | 000,276,196 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml [2010.03.16 02:52:54 | 000,066,714 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml ========== Files Created - No Company Name ========== [2010.04.13 19:17:09 | 000,051,003 | ---- | C] () -- C:\Users\Dome\Desktop\ulz.jpg [2010.04.13 16:13:35 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.12 22:40:33 | 000,002,097 | ---- | C] () -- C:\Users\Dome\Desktop\HijackThis.lnk [2010.04.12 16:28:54 | 000,002,289 | ---- | C] () -- C:\Users\Dome\Desktop\Play SpellForce 2 - Shadow Wars.lnk [2010.04.12 14:29:41 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys [2010.04.12 14:28:30 | 174,830,100 | ---- | C] () -- C:\Users\Dome\Desktop\spellforce2_update_v102.exe [2010.04.09 16:32:15 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.04.08 19:37:26 | 000,001,160 | -H-- | C] () -- C:\Users\Dome\Desktop\$$JetTHM$$.cache [2010.04.08 17:22:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.04.08 15:42:23 | 000,000,179 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\setup.log [2010.04.08 15:42:22 | 000,000,760 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\setup_ldm.iss [2010.04.08 15:39:43 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk [2010.04.08 15:37:35 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2010.04.08 15:25:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2010.04.08 15:25:09 | 001,144,983 | ---- | C] () -- C:\Windows\SysWow64\KB936225x64.msu [2010.04.08 15:25:09 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CMICNFG3.cpl [2010.04.08 15:25:07 | 000,792,576 | ---- | C] () -- C:\Windows\SysNative\Cmeaupci.exe [2010.04.08 15:25:07 | 000,010,134 | ---- | C] () -- C:\Windows\cmeauPCI.ico [2010.04.08 15:25:07 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2010.04.08 15:25:07 | 000,000,138 | ---- | C] () -- C:\Windows\System\Dlap.pfx [2010.04.08 15:24:05 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll [2010.04.08 15:24:05 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2010.04.08 15:24:05 | 000,000,168 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2010.04.08 15:24:05 | 000,000,107 | ---- | C] () -- C:\Windows\System\Cmicnfg3.ini [2010.04.08 15:24:04 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini [2010.04.07 00:15:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000002.regtrans-ms [2010.04.07 00:15:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000001.regtrans-ms [2010.04.07 00:15:42 | 000,065,536 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TM.blf [2010.04.06 23:52:36 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000002.regtrans-ms [2010.04.06 23:52:36 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000001.regtrans-ms [2010.04.06 23:52:35 | 000,065,536 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TM.blf [2010.04.06 23:32:23 | 000,033,134 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\UserTile.png [2010.04.06 21:56:44 | 000,007,143 | ---- | C] () -- C:\Windows\SysNative\nvide.nvu [2010.04.06 21:56:12 | 000,004,984 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin [2010.04.06 20:44:55 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk [2010.04.06 20:44:13 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx [2010.04.06 20:13:19 | 000,001,021 | ---- | C] () -- C:\Users\Dome\Desktop\JDownloader.lnk [2010.04.06 19:22:41 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk [2010.04.06 19:22:41 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Half-Life DigitalZone.lnk [2010.04.06 19:19:25 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Half-Life 2.lnk [2010.04.06 19:17:28 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Source Dedicated Server.lnk [2010.04.06 19:16:21 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Quick Server.lnk [2010.04.06 19:16:21 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk [2010.04.06 18:59:56 | 000,001,358 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2010.04.06 18:52:32 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\jetAudio.lnk [2010.04.06 18:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010.04.06 18:29:54 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2010.04.06 17:01:29 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.04.06 17:01:28 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.04.06 17:01:28 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys [2010.04.06 16:59:29 | 000,001,768 | ---- | C] () -- C:\Users\Dome\Desktop\Defraggler.lnk [2010.04.06 16:38:52 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.04.06 16:36:06 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010.04.06 16:36:05 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010.04.06 16:15:09 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2010.04.06 16:00:11 | 000,001,115 | ---- | C] () -- C:\Users\Dome\Desktop\Driver Genius Professional Edition.lnk [2010.04.06 15:46:05 | 001,048,576 | -HS- | C] () -- C:\Users\Dome\ntuser.dat [2010.04.06 15:46:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.04.06 15:46:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.04.06 15:46:05 | 000,262,144 | -HS- | C] () -- C:\Users\Dome\ntuser.dat.LOG1 [2010.04.06 15:46:05 | 000,065,536 | -HS- | C] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.04.06 15:46:05 | 000,000,020 | -HS- | C] () -- C:\Users\Dome\ntuser.ini [2010.04.06 15:46:05 | 000,000,000 | -HS- | C] () -- C:\Users\Dome\ntuser.dat.LOG2 [2010.04.06 15:37:08 | 1610,260,480 | -HS- | C] () -- C:\hiberfil.sys [2010.03.16 02:52:54 | 000,276,196 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml [2010.03.16 02:52:54 | 000,066,714 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.04.14 07:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll < End of report > |
|
13.04.2010, 20:24
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32.parite. In Winrar. logfile erstellt! Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010.04.06 21:56:12 | 000,004,984 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
:Commands
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2010, 21:12
| #14 |
| | Win32.parite. In Winrar. logfile erstellt! sooo auch der ist erstellt All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Windows\SysNative\drivers\nvphy.bin moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 50051 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Dome ->Temp folder emptied: 181322776 bytes ->Temporary Internet Files folder emptied: 43935755 bytes ->Java cache emptied: 12118713 bytes ->FireFox cache emptied: 116120701 bytes ->Flash cache emptied: 25506 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 43466369 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 379,00 mb OTL by OldTimer - Version 3.2.1.1 log created on 04142010_220806 Files\Folders moved on Reboot... C:\Users\Dome\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
14.04.2010, 21:23
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32.parite. In Winrar. logfile erstellt! Sieht ok aus. Mach bitte Vollscans zur Kontrolle mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Win32.parite. In Winrar. logfile erstellt! |
| antivirus, ask toolbar, ask.com, avast, avast!, bho, cdburnerxp, dll, explorer, firefox, helper, hijack, hijackthis, hijackthis logfile, icq, internet, internet explorer, logfile, lsass.exe, microsoft, mozilla, nvidia, object, ordner, plug-in, rundll, software, syswow64, updates, windows, windows dienst, wmp |
Linear-Darstellung
