| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: icq virus "wie findest du das bild"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.06.2010, 14:54
| #1 |
 |  icq virus "wie findest du das bild" einmal die "otl" textnachricht: OTL logfile created on: 19.06.2010 14:39:58 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = D:\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,00 Mb Total Physical Memory | 84,00 Mb Available Physical Memory | 11,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 40,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 38,96 Gb Total Space | 27,93 Gb Free Space | 71,67% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 151,48 Gb Free Space | 78,15% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELIC-IOUS-PC Current User Name: Delic-ious Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\DELIC-~1\AppData\Local\Temp\Lwi.exe () PRC - C:\Users\DELIC-~1\AppData\Local\Temp\Lwd.exe () PRC - C:\Users\Public\winscdnr.exe () PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMa.exe (3DSP corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Programme\1&1\Join Air\AssistantServices.exe () PRC - D:\Programme\1&1\Join Air\UIExec.exe () PRC - C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\UsbCS.exe (3DSP corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMS.exe (3DSP corporation) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Hamachi2Svc) -- D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UI Assistant Service) -- D:\Programme\1&1\Join Air\AssistantServices.exe () SRV - (UsbCS) -- C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\UsbCS.exe (3DSP corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (3DSP Corporation Monitor Service) -- C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMS.exe (3DSP corporation) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 49 C7 43 81 EF CA 01 [binary data] IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.09 15:48:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.18 17:18:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.09 15:49:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.09 15:49:53 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\mozilla\Extensions [2010.05.09 15:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delic-ious\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.09 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\mozilla\Firefox\Profiles\rab7fxoc.default\extensions [2010.05.16 01:11:14 | 000,002,059 | ---- | M] () -- C:\Users\Delic-ious\AppData\Roaming\Mozilla\FireFox\Profiles\rab7fxoc.default\searchplugins\daemon-search.xml [2010.05.14 00:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O3 - HKU\S-1-5-21-882710684-677920885-2201144173-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\AcrobatReader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [UIExec] D:\Programme\1&1\Join Air\UIExec.exe () O4 - HKLM..\Run: [USBMaLoader.exe] C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe (3DSP corporation) O4 - HKU\S-1-5-21-882710684-677920885-2201144173-1000..\Run: [Halo2] C:\Benutzer\Delic-ious\AppData\Local\Temp\sshnas21.dll File not found O4 - HKU\S-1-5-21-882710684-677920885-2201144173-1000..\Run: [M5T8QL3YW3] C:\Users\DELIC-~1\AppData\Local\Temp\Lwd.exe () O4 - HKU\S-1-5-21-882710684-677920885-2201144173-1000..\Run: [Windows Firewall Service] C:\Users\Public\winscdnr.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c4c1f9d1-607f-11df-9ec5-00e04c008703}\Shell - "" = AutoRun O33 - MountPoints2\{c4c1f9d1-607f-11df-9ec5-00e04c008703}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{c4c1f9d1-607f-11df-9ec5-00e04c008703}\Shell\dxsetup\command - "" = F:\directx\dxsetup.exe -- File not found O33 - MountPoints2\{c4c1f9d1-607f-11df-9ec5-00e04c008703}\Shell\setup\command - "" = F:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 03:37:08 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpFolder: C:^Users^Delic-ious^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\AcrobatReader\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010.06.19 14:10:10 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Local\PokerStars.NET [2010.06.19 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET [2010.06.19 10:39:03 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.06.19 10:39:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.06.19 10:38:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.06.19 10:33:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.06.19 10:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.06.19 10:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010.06.18 17:15:28 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Roaming\Avira [2010.06.09 16:51:00 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.06.09 16:50:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.09 16:50:54 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.09 16:50:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.09 16:50:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.06.09 16:50:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.09 16:49:41 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.09 16:49:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.31 15:33:30 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Roaming\dvdcss [2010.05.30 19:13:04 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.05.26 12:21:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.05.20 20:44:01 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Local\Adobe [2010.05.20 20:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.05.20 20:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe ========== Files - Modified Within 30 Days ========== [2010.06.19 14:46:55 | 001,048,576 | -HS- | M] () -- C:\Users\Delic-ious\NTUSER.DAT [2010.06.19 14:40:09 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.19 14:28:07 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.19 14:10:04 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2010.06.19 12:56:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.19 10:49:58 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.19 10:49:58 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.19 10:47:06 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.19 10:47:06 | 000,641,706 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.19 10:47:06 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.19 10:47:06 | 000,126,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.19 10:47:06 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.19 10:41:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.19 10:40:46 | 603,381,760 | -HS- | M] () -- C:\hiberfil.sys [2010.06.19 10:39:27 | 003,108,119 | -H-- | M] () -- C:\Users\Delic-ious\AppData\Local\IconCache.db [2010.06.19 10:38:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.06.19 10:38:49 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010.06.19 10:38:14 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.06.19 10:33:47 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.06.18 17:18:46 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.06.10 15:40:57 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.30 22:30:59 | 000,000,685 | ---- | M] () -- C:\Users\Delic-ious\Desktop\IrfanView.lnk [2010.05.27 08:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.27 04:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.21 06:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll ========== Files Created - No Company Name ========== [2010.06.19 14:10:04 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2010.06.19 12:54:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.06.19 10:41:44 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.19 10:33:47 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.06.18 17:08:13 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.30 22:30:59 | 000,000,685 | ---- | C] () -- C:\Users\Delic-ious\Desktop\IrfanView.lnk [2010.05.20 20:42:25 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.05.16 01:11:10 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.06 14:53:28 | 000,001,865 | ---- | C] () -- C:\Windows\USBWBCONF.ini [2009.11.06 14:53:28 | 000,001,865 | ---- | C] () -- C:\Windows\System32\drivers\USBWBCONF.ini [2009.08.10 14:21:20 | 000,012,998 | ---- | C] () -- C:\Windows\USBWBLANG.ini [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010.05.16 00:38:10 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\DAEMON Tools Lite [2010.06.18 06:55:22 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\foobar2000 [2010.05.09 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Miranda [2010.05.14 01:02:11 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\OpenOffice.org [2010.05.09 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Thunderbird [2009.07.14 05:53:46 | 000,025,908 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.19 14:28:07 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.19 14:40:09 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.20 20:44:01 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Adobe [2010.06.18 17:15:28 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Avira [2010.05.16 00:38:10 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\DAEMON Tools Lite [2010.06.16 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\dvdcss [2010.06.18 06:55:22 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\foobar2000 [2010.05.09 15:04:26 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Identities [2010.05.09 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Macromedia [2009.07.14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Media Center Programs [2010.05.13 15:08:39 | 000,000,000 | --SD | M] -- C:\Users\Delic-ious\AppData\Roaming\Microsoft [2010.05.09 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Miranda [2010.05.09 15:48:14 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Mozilla [2010.05.14 01:02:11 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\OpenOffice.org [2010.05.30 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Skype [2010.05.09 20:36:56 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\skypePM [2010.05.09 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Thunderbird [2010.06.19 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\vlc [2010.05.10 17:40:01 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: NVSTOR32.SYS > [2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvstor32.sys [2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvstor32.sys [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sata_ide\nvstor32.sys [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.16 01:11:10 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll < 5. Klicke "run Scan" > < 6. 2 reporte werden erstellt: > < OTL.Txt > < Extras.Txt > < End of report > und einmal die extras otl textdatei: OTL Extras logfile created on: 19.06.2010 14:39:58 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = D:\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,00 Mb Total Physical Memory | 84,00 Mb Available Physical Memory | 11,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 40,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 38,96 Gb Total Space | 27,93 Gb Free Space | 71,67% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 151,48 Gb Free Space | 78,15% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELIC-IOUS-PC Current User Name: Delic-ious Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Public\winscdnr.exe" = C:\Users\Public\winscdnr.exe:*:Enabled:Windows Firewall Service -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1D5D11D1-4395-4CC0-B563-1584C5582787}" = 3DSP WLAN and Bluetooth USB Adapter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "Ad-Aware" = Ad-Aware "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ANNO 1602 - Gold Edition" = ANNO 1602 - Gold Edition "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "foobar2000" = foobar2000 v1.0.3 "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Miranda IM" = Miranda IM 0.8.23 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "PokerStars.net" = PokerStars.net "VLC media player" = VLC media player 1.0.5 "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.05.2010 20:06:00 | Computer Name = Delic-ious-PC | Source = MsiInstaller | ID = 10005 Description = Error - 15.05.2010 20:10:48 | Computer Name = Delic-ious-PC | Source = VSS | ID = 8194 Description = Error - 15.05.2010 19:39:16 | Computer Name = Delic-ious-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 1602.EXE, Version: 0.2.5.2, Zeitstempel: 0x37c2b625 Name des fehlerhaften Moduls: 1602.EXE, Version: 0.2.5.2, Zeitstempel: 0x37c2b625 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a8b ID des fehlerhaften Prozesses: 0x37c Startzeit der fehlerhaften Anwendung: 0x01caf484ff69c270 Pfad der fehlerhaften Anwendung: D:\Program Files\ANNO 1602 - Gold Edition\1602.EXE Pfad des fehlerhaften Moduls: D:\Program Files\ANNO 1602 - Gold Edition\1602.EXE Berichtskennung: 12b3aff0-607b-11df-9ec6-00e04c008703 Error - 17.05.2010 09:59:35 | Computer Name = Delic-ious-PC | Source = RasClient | ID = 20227 Description = Error - 26.05.2010 09:31:20 | Computer Name = Delic-ious-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 400 Startzeit: 01cafcd6ae38b7d0 Endzeit: 44 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: e5871b2d-68ca-11df-81d1-00e04c008703 Error - 07.06.2010 12:29:08 | Computer Name = Delic-ious-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 414 Startzeit: 01cb065da2bac368 Endzeit: 44 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: b89f5b49-7251-11df-8960-00e04c008703 Error - 09.06.2010 16:03:29 | Computer Name = Delic-ious-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ec4 Startzeit: 01cb08076f2bb40c Endzeit: 49 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: f7d488a5-7401-11df-833b-00e04c008703 Error - 10.06.2010 11:02:54 | Computer Name = Delic-ious-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dac Startzeit: 01cb08ab36402b60 Endzeit: 42 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 2c1b94f1-74a1-11df-8870-00e04c008703 Error - 12.06.2010 07:02:58 | Computer Name = Delic-ious-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 29c Startzeit: 01cb0a1cc9c37ca8 Endzeit: 28 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: fbe7b829-7611-11df-be8c-00e04c008703 Error - 19.06.2010 05:34:47 | Computer Name = Delic-ious-PC | Source = Lavasoft Ad-Aware Service | ID = 0 Description = [ System Events ] Error - 18.06.2010 07:04:11 | Computer Name = Delic-ious-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Null Error - 18.06.2010 12:21:48 | Computer Name = Delic-ious-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Null Error - 18.06.2010 18:40:01 | Computer Name = Delic-ious-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Null Error - 18.06.2010 19:01:14 | Computer Name = Delic-ious-PC | Source = DCOM | ID = 10010 Description = Error - 19.06.2010 04:15:49 | Computer Name = Delic-ious-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Null Error - 19.06.2010 04:21:06 | Computer Name = Delic-ious-PC | Source = DCOM | ID = 10010 Description = Error - 19.06.2010 05:34:48 | Computer Name = Delic-ious-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 19.06.2010 05:41:49 | Computer Name = Delic-ious-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Null Error - 19.06.2010 05:48:11 | Computer Name = Delic-ious-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 19.06.2010 07:52:20 | Computer Name = Delic-ious-PC | Source = ACPI | ID = 327685 Description = AMLI: ACPI-BIOS versucht, in eine ungültige E/A-Portadresse (0x90) zu schreiben, die sich in "0x90 - 0x91", einem geschützten Adressbereich befindet. Dies kann zu Systeminstabilität führen. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. < End of report > |
|
19.06.2010, 16:01
| #2 |
| /// Malware-holic   | icq virus "wie findest du das bild" Fixen mit OTL
__________________• Starte bitte die OTL.exe. Vista-User mit Rechtsklick "als Administrator starten" • Kopiere nun das Folgende in die Textbox. :OTL PRC - C:\Users\DELIC-~1\AppData\Local\Temp\Lwi.exe () PRC - C:\Users\DELIC-~1\AppData\Local\Temp\Lwd.exe () PRC - C:\Users\Public\winscdnr.exe () O3 - HKU\S-1-5-21-882710684-677920885-2201144173-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKU\S-1-5-21-882710684-677920885-2201144173-1000..\Run: [Halo2] C:\Benutzer\Delic-ious\AppData\Local\Temp\sshnas21.dll File not found O4 - HKU\S-1-5-21-882710684-677920885-2201144173-1000..\Run: [M5T8QL3YW3] C:\Users\DELIC-~1\AppData\Local\Temp\Lwd.exe () O4 - HKU\S-1-5-21-882710684-677920885-2201144173-1000..\Run: [Windows Firewall Service] C:\Users\Public\winscdnr.exe () [2010.06.19 14:40:09 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.19 14:28:07 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job :Files C:\Users\DELIC-~1\AppData\Local\Temp\Lwi.exe C:\Users\Public\winscdnr.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Run Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten download malwarebytes: Malwarebytes instalieren, updaten, in dem du malwarebytes öffnest, auf aktualisierung klickst und dann das programm updatest. dann registerkarte scanner, komplett scan, funde löschen log posten. |
|
19.06.2010, 19:04
| #3 |
| | icq virus "wie findest du das bild" So das wäre dann wohl diese Textdatei:
__________________All processes killed ========== OTL ========== No active process named Lwi.exe was found! No active process named Lwd.exe was found! No active process named winscdnr.exe was found! Registry value HKEY_USERS\S-1-5-21-882710684-677920885-2201144173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_USERS\S-1-5-21-882710684-677920885-2201144173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 deleted successfully. Registry value HKEY_USERS\S-1-5-21-882710684-677920885-2201144173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully. C:\Users\DELIC-~1\AppData\Local\Temp\Lwd.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-882710684-677920885-2201144173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Service deleted successfully. C:\Users\Public\winscdnr.exe moved successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully. ========== FILES ========== C:\Users\DELIC-~1\AppData\Local\Temp\Lwi.exe moved successfully. File\Folder C:\Users\Public\winscdnr.exe not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Delic-ious ->Flash cache emptied: 23507 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Delic-ious ->Temp folder emptied: 120047494 bytes ->Temporary Internet Files folder emptied: 74959421 bytes ->Java cache emptied: 4307860 bytes ->FireFox cache emptied: 56667520 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2378406 bytes RecycleBin emptied: 174258 bytes Total Files Cleaned = 247,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06192010_195351 Files\Folders moved on Reboot... C:\Users\Delic-ious\AppData\Local\Temp\sshnas21.dll moved successfully. Registry entries deleted on Reboot... |
|
19.06.2010, 19:24
| #4 |
| /// Malware-holic | icq virus "wie findest du das bild" sehr gut. bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
19.06.2010, 20:28
| #5 |
| | icq virus "wie findest du das bild" So hier ist die Cobofix Datei: Combofix Logfile: Code:
ATTFilter ComboFix 10-06-18.03 - Delic-ious 19.06.2010 21:05:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.767.250 [GMT 1:00]
ausgeführt von:: c:\users\Delic-ious\Desktop\ComboFix.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-05-19 bis 2010-06-19 ))))))))))))))))))))))))))))))
.
2010-06-19 19:58 . 2010-06-19 20:00 -------- d-----w- C:\32788R22FWJFW
2010-06-19 13:10 . 2010-06-19 14:38 -------- d-----w- c:\users\Delic-ious\AppData\Local\PokerStars.NET
2010-06-19 13:09 . 2010-06-19 13:10 -------- d-----w- c:\program files\PokerStars.NET
2010-06-19 11:54 . 2010-06-19 09:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-19 09:39 . 2010-06-19 09:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-19 09:39 . 2010-06-19 09:39 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-19 09:38 . 2010-06-19 09:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-19 09:33 . 2010-06-19 09:33 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-19 09:33 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-19 09:33 . 2010-06-19 09:39 -------- d-----w- c:\programdata\Lavasoft
2010-06-19 09:33 . 2010-06-19 09:34 -------- d-----w- c:\program files\Lavasoft
2010-06-18 16:15 . 2010-06-18 16:15 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\Avira
2010-06-09 15:51 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 15:50 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 15:50 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 15:49 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 15:49 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-31 14:33 . 2010-06-16 18:18 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\dvdcss
2010-05-26 11:21 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 20:09 . 2010-05-09 15:16 641706 ----a-w- c:\windows\system32\perfh007.dat
2010-06-19 20:09 . 2010-05-09 15:16 126062 ----a-w- c:\windows\system32\perfc007.dat
2010-06-19 15:10 . 2010-05-09 15:01 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\vlc
2010-06-18 05:55 . 2010-05-09 15:02 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\foobar2000
2010-06-17 18:18 . 2010-05-14 00:02 1 ----a-w- c:\users\Delic-ious\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-30 18:13 . 2010-05-09 19:33 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\Skype
2010-05-21 13:14 . 2010-05-09 14:26 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 19:42 . 2010-05-20 19:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-16 00:11 . 2010-05-16 00:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-16 00:10 . 2010-05-16 00:10 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-05-15 23:38 . 2010-05-16 00:10 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\DAEMON Tools Lite
2010-05-15 19:22 . 2010-05-09 15:33 62952 ----a-w- c:\users\Delic-ious\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-14 00:02 . 2010-05-14 00:02 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\OpenOffice.org
2010-05-13 23:59 . 2010-05-13 23:59 -------- d-----w- c:\program files\JRE
2010-05-13 23:58 . 2010-05-13 23:58 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-13 23:58 . 2010-05-13 23:58 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 23:57 . 2010-05-13 23:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-13 23:57 . 2010-05-13 23:57 -------- d-----w- c:\program files\Java
2010-05-11 21:49 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-11 21:23 . 2010-05-09 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-11 16:53 . 2010-05-09 15:19 -------- d-----w- c:\programdata\NVIDIA
2010-05-11 16:50 . 2010-05-11 16:50 -------- d-----w- c:\program files\3DSP
2010-05-11 16:47 . 2010-05-09 14:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-05-11 16:47 . 2010-05-09 14:06 -------- d--h--w- c:\program files\Temp
2010-05-09 19:51 . 2010-05-09 19:32 -------- d-----w- c:\programdata\Skype
2010-05-09 19:36 . 2010-05-09 19:36 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-09 19:36 . 2010-05-09 19:36 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\skypePM
2010-05-09 16:42 . 2010-05-09 15:08 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\Miranda
2010-05-09 15:32 . 2010-05-09 15:32 -------- d-----w- c:\programdata\Avira
2010-05-09 15:32 . 2010-05-09 15:32 -------- d-----w- c:\program files\Avira
2010-05-09 15:19 . 2010-05-09 15:18 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-09 15:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-09 15:14 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-09 15:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-09 15:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-09 15:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-09 15:13 . 2010-05-09 15:16 38104 ----a-w- c:\windows\system32\perfd007.dat
2010-05-09 15:13 . 2010-05-09 15:16 295922 ----a-w- c:\windows\system32\perfi007.dat
2010-05-09 15:13 . 2010-05-09 15:14 38104 ----a-w- c:\windows\inf\PERFLIB\0407\perfd.dat
2010-05-09 15:13 . 2010-05-09 15:14 38104 ----a-w- c:\windows\inf\PERFLIB\0407\perfc.dat
2010-05-09 15:13 . 2010-05-09 15:14 295922 ----a-w- c:\windows\inf\PERFLIB\0407\perfi.dat
2010-05-09 15:13 . 2010-05-09 15:14 295922 ----a-w- c:\windows\inf\PERFLIB\0407\perfh.dat
2010-05-09 15:00 . 2010-05-09 15:00 -------- d-----w- c:\program files\VideoLAN
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\users\Delic-ious\AppData\Roaming\Thunderbird
2010-05-09 14:49 . 2010-05-09 14:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-09 14:06 . 2010-05-09 14:06 -------- d-----w- c:\program files\Realtek
2010-05-09 14:06 . 2010-05-09 14:06 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-09 13:53 . 2010-05-09 13:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-03 17:27 . 2010-04-03 17:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 17:27 . 2010-04-03 17:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 17:27 . 2010-04-03 17:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:27 . 2010-04-03 17:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 17:27 . 2010-04-03 17:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"USBMaLoader.exe"="c:\program files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe" [2009-06-30 20480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 6335008]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-09-24 1833504]
"UIExec"="d:\programme\1&1\Join Air\UIExec.exe" [2009-08-31 132608]
"Adobe Reader Speed Launcher"="d:\programme\AcrobatReader\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Users^Delic-ious^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Delic-ious\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- d:\programme\AcrobatReader\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 10:16 1820040 ----a-w- d:\programme\Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-16 691696]
R2 3DSP Corporation Monitor Service;3DSP Corporation Monitor Service;c:\program files\3DSP\BluetoothWLAN_usb\Utilities\USBMS.exe [2009-06-22 32768]
R2 UI Assistant Service;UI Assistant Service;d:\programme\1&1\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 UsbCS;UsbCS;c:\program files\3DSP\BluetoothWLAN_usb\Utilities\UsbCS.exe [2009-07-15 90112]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-19 64288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-19 1352832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Delic-ious\AppData\Roaming\Mozilla\Firefox\Profiles\rab7fxoc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: d:\programme\AcrobatReader\Reader\browser\nppdf32.dll
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-06-19 21:24:25
ComboFix-quarantined-files.txt 2010-06-19 20:24
Vor Suchlauf: 7 Verzeichnis(se), 29.922.197.504 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 29.696.897.024 Bytes frei
- - End Of File - - B821D8FE31E25E29F36FD3A8D5CDDDFC
|
|
19.06.2010, 20:34
| #6 |
| /// Malware-holic | icq virus "wie findest du das bild" rechtsklick avira schirm, guard deaktivieren. öffne arbeitsplatz, c: dort den ordner _otl suchen, rechtsklick, zu _otl.rar oder zip hinzufügen und an uns hochladen. wie unter 2. http://www.trojaner-board.de/54791-a...ner-board.html gib bescheid, wenn das erledigt ist. download dann malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung. programm updaten. dann registerkarte scanner, komplett scan, funde löschen, log posten |
|
19.06.2010, 22:00
| #7 |
| | icq virus "wie findest du das bild" So hier die Log Datei des scan vorganges: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4216 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 19.06.2010 22:53:03 mbam-log-2010-06-19 (22-53-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 200495 Laufzeit: 53 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: D:\_OTL\MovedFiles\06192010_195351\C_Users\Public\winscdnr.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
|
19.06.2010, 22:05
| #8 |
| /// Malware-holic | icq virus "wie findest du das bild" avira avira so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm. klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten. |
|
20.06.2010, 12:34
| #9 |
| | icq virus "wie findest du das bild" So hier der log von Antivir: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Sonntag, 20. Juni 2010 11:57 Es wird nach 2227595 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Windowsversion : (plain) [6.1.7600] Boot Modus : Normal gebootet Benutzername : Delic-ious Computername : DELIC-IOUS-PC Versionsinformationen: BUILD.DAT : 10.0.0.567 Bytes 19.04.2010 15:50:00 AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 12:37:35 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 11:42:16 LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 18:32:59 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 19:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 17:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 16:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 11:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 10:35:37 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 10:35:44 VBASE007.VDF : 7.10.7.219 2048 Bytes 02.06.2010 10:35:44 VBASE008.VDF : 7.10.7.220 2048 Bytes 02.06.2010 10:35:44 VBASE009.VDF : 7.10.7.221 2048 Bytes 02.06.2010 10:35:45 VBASE010.VDF : 7.10.7.222 2048 Bytes 02.06.2010 10:35:45 VBASE011.VDF : 7.10.7.223 2048 Bytes 02.06.2010 10:35:45 VBASE012.VDF : 7.10.7.224 2048 Bytes 02.06.2010 10:35:45 VBASE013.VDF : 7.10.8.37 270336 Bytes 10.06.2010 10:35:46 VBASE014.VDF : 7.10.8.69 138752 Bytes 14.06.2010 10:35:47 VBASE015.VDF : 7.10.8.102 130560 Bytes 16.06.2010 10:35:47 VBASE016.VDF : 7.10.8.103 2048 Bytes 16.06.2010 10:35:47 VBASE017.VDF : 7.10.8.104 2048 Bytes 16.06.2010 10:35:47 VBASE018.VDF : 7.10.8.105 2048 Bytes 16.06.2010 10:35:47 VBASE019.VDF : 7.10.8.106 2048 Bytes 16.06.2010 10:35:48 VBASE020.VDF : 7.10.8.107 2048 Bytes 16.06.2010 10:35:48 VBASE021.VDF : 7.10.8.108 2048 Bytes 16.06.2010 10:35:48 VBASE022.VDF : 7.10.8.109 2048 Bytes 16.06.2010 10:35:48 VBASE023.VDF : 7.10.8.110 2048 Bytes 16.06.2010 10:35:48 VBASE024.VDF : 7.10.8.111 2048 Bytes 16.06.2010 10:35:48 VBASE025.VDF : 7.10.8.112 2048 Bytes 16.06.2010 10:35:48 VBASE026.VDF : 7.10.8.113 2048 Bytes 16.06.2010 10:35:48 VBASE027.VDF : 7.10.8.114 2048 Bytes 16.06.2010 10:35:48 VBASE028.VDF : 7.10.8.115 2048 Bytes 16.06.2010 10:35:49 VBASE029.VDF : 7.10.8.116 2048 Bytes 16.06.2010 10:35:49 VBASE030.VDF : 7.10.8.117 2048 Bytes 16.06.2010 10:35:49 VBASE031.VDF : 7.10.8.127 102912 Bytes 18.06.2010 10:35:49 Engineversion : 8.2.2.6 AEVDF.DLL : 8.1.2.0 106868 Bytes 20.06.2010 10:36:00 AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 20.06.2010 10:35:59 AESCN.DLL : 8.1.6.1 127347 Bytes 20.06.2010 10:35:58 AESBX.DLL : 8.1.3.1 254324 Bytes 20.06.2010 10:36:00 AERDL.DLL : 8.1.4.6 541043 Bytes 20.06.2010 10:35:58 AEPACK.DLL : 8.2.1.1 426358 Bytes 19.03.2010 12:34:51 AEOFFICE.DLL : 8.1.1.0 201081 Bytes 20.06.2010 10:35:57 AEHEUR.DLL : 8.1.1.33 2724214 Bytes 20.06.2010 10:35:56 AEHELP.DLL : 8.1.11.5 242038 Bytes 20.06.2010 10:35:53 AEGEN.DLL : 8.1.3.10 377205 Bytes 20.06.2010 10:35:52 AEEMU.DLL : 8.1.2.0 393588 Bytes 20.06.2010 10:35:51 AECORE.DLL : 8.1.15.3 192886 Bytes 20.06.2010 10:35:51 AEBB.DLL : 8.1.1.0 53618 Bytes 20.06.2010 10:35:50 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 11:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 11:59:07 AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 16:47:40 AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 12:35:44 AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 12:39:49 AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 12:22:11 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 09:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 12:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 15:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 14:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08 RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 14:14:28 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, F:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: ein Optimierter Suchlauf..................: ein Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: hoch Abweichende Gefahrenkategorien........: +PCK,+PFS, Beginn des Suchlaufs: Sonntag, 20. Juni 2010 11:57 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AAWTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' Signiert -> 'C:\Windows\system32\kernel32.DLL' Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\ctfmon.exe' Die Systemdateien wurden durchsucht ('21' Dateien) Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '368' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'D:\' <New Volume> Beginne mit der Suche in 'F:\' Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Ende des Suchlaufs: Sonntag, 20. Juni 2010 12:31 Benötigte Zeit: 34:25 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 14229 Verzeichnisse wurden überprüft 330715 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 330715 Dateien ohne Befall 2137 Archive wurden durchsucht 0 Warnungen 0 Hinweise |
|
20.06.2010, 14:52
| #10 |
| /// Malware-holic | icq virus "wie findest du das bild" bitte ein neues otl log erstellen wie im ersten post, mir reicht diesmal aber die otl.txt |
|
20.06.2010, 16:37
| #11 |
| | icq virus "wie findest du das bild" OTL Textdatei: OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.06.2010 15:17:48 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = D:\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,00 Mb Total Physical Memory | 203,00 Mb Available Physical Memory | 26,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 38,96 Gb Total Space | 27,90 Gb Free Space | 71,61% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 151,42 Gb Free Space | 78,13% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELIC-IOUS-PC Current User Name: Delic-ious Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - D:\Programme\Program Files (x86)\Miranda IM\miranda32.exe ( ) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMa.exe (3DSP corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Programme\1&1\Join Air\AssistantServices.exe () PRC - D:\Programme\1&1\Join Air\UIExec.exe () PRC - C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\UsbCS.exe (3DSP corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Hamachi2Svc) -- D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UI Assistant Service) -- D:\Programme\1&1\Join Air\AssistantServices.exe () SRV - (UsbCS) -- C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\UsbCS.exe (3DSP corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (3DSP Corporation Monitor Service) -- C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMS.exe (3DSP corporation) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 49 C7 43 81 EF CA 01 [binary data] IE - HKU\S-1-5-21-882710684-677920885-2201144173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.09 15:48:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.18 17:18:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.09 15:49:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.09 15:49:53 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\mozilla\Extensions [2010.05.09 15:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delic-ious\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.09 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\mozilla\Firefox\Profiles\rab7fxoc.default\extensions [2010.05.16 01:11:14 | 000,002,059 | ---- | M] () -- C:\Users\Delic-ious\AppData\Roaming\Mozilla\FireFox\Profiles\rab7fxoc.default\searchplugins\daemon-search.xml [2010.05.14 00:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\AcrobatReader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [UIExec] D:\Programme\1&1\Join Air\UIExec.exe () O4 - HKLM..\Run: [USBMaLoader.exe] C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe (3DSP corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-882710684-677920885-2201144173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-882710684-677920885-2201144173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 03:37:08 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpFolder: C:^Users^Delic-ious^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\AcrobatReader\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010.06.20 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Roaming\Avira [2010.06.20 11:33:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.06.20 11:33:51 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.06.20 11:33:51 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.06.20 11:33:51 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.06.20 11:33:51 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.06.20 11:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.06.20 11:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.06.19 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Roaming\Malwarebytes [2010.06.19 21:49:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.19 21:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.19 21:48:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.19 21:24:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.06.19 21:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.06.19 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Local\temp [2010.06.19 21:02:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.06.19 21:02:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.06.19 21:02:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.06.19 21:02:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.06.19 20:59:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.06.19 20:58:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.06.19 20:58:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010.06.19 14:10:10 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Local\PokerStars.NET [2010.06.19 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET [2010.06.19 10:39:03 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.06.19 10:39:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.06.19 10:38:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.06.19 10:33:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.06.19 10:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.06.19 10:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010.06.09 16:51:00 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.06.09 16:50:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.09 16:50:54 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.09 16:50:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.09 16:50:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.06.09 16:50:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.09 16:49:41 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.09 16:49:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.31 15:33:30 | 000,000,000 | ---D | C] -- C:\Users\Delic-ious\AppData\Roaming\dvdcss [2010.05.30 19:13:04 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.05.26 12:21:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll ========== Files - Modified Within 30 Days ========== [2010.06.20 15:20:17 | 001,048,576 | -HS- | M] () -- C:\Users\Delic-ious\NTUSER.DAT [2010.06.20 11:34:25 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.06.20 11:29:14 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.20 11:29:14 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.20 11:28:46 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.20 11:28:46 | 000,641,706 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.20 11:28:46 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.20 11:28:46 | 000,126,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.20 11:28:46 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.20 11:24:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.20 11:23:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.20 11:23:53 | 603,381,760 | -HS- | M] () -- C:\hiberfil.sys [2010.06.20 11:22:49 | 001,098,159 | -H-- | M] () -- C:\Users\Delic-ious\AppData\Local\IconCache.db [2010.06.19 21:19:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.06.19 20:56:28 | 003,715,012 | R--- | M] () -- C:\Users\Delic-ious\Desktop\ComboFix.exe [2010.06.19 14:10:04 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2010.06.19 10:38:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.06.19 10:38:49 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010.06.19 10:38:14 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.06.19 10:33:47 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.06.18 17:18:46 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.06.10 15:40:57 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.30 22:30:59 | 000,000,685 | ---- | M] () -- C:\Users\Delic-ious\Desktop\IrfanView.lnk [2010.05.27 08:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.27 04:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll ========== Files Created - No Company Name ========== [2010.06.20 11:34:25 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.06.19 21:03:00 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.06.19 21:02:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.06.19 21:02:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.06.19 21:02:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.06.19 21:02:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.06.19 20:56:15 | 003,715,012 | R--- | C] () -- C:\Users\Delic-ious\Desktop\ComboFix.exe [2010.06.19 14:10:04 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2010.06.19 12:54:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.06.19 10:33:47 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.30 22:30:59 | 000,000,685 | ---- | C] () -- C:\Users\Delic-ious\Desktop\IrfanView.lnk [2010.05.16 01:11:10 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.06 14:53:28 | 000,001,865 | ---- | C] () -- C:\Windows\USBWBCONF.ini [2009.11.06 14:53:28 | 000,001,865 | ---- | C] () -- C:\Windows\System32\drivers\USBWBCONF.ini [2009.08.10 14:21:20 | 000,012,998 | ---- | C] () -- C:\Windows\USBWBLANG.ini [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010.05.16 00:38:10 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\DAEMON Tools Lite [2010.06.18 06:55:22 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\foobar2000 [2010.05.09 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Miranda [2010.05.14 01:02:11 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\OpenOffice.org [2010.05.09 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Thunderbird [2009.07.14 05:53:46 | 000,027,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.20 20:44:01 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Adobe [2010.06.20 11:39:48 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Avira [2010.05.16 00:38:10 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\DAEMON Tools Lite [2010.06.16 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\dvdcss [2010.06.18 06:55:22 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\foobar2000 [2010.05.09 15:04:26 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Identities [2010.05.09 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Macromedia [2010.06.19 21:49:11 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Malwarebytes [2009.07.14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Media Center Programs [2010.05.13 15:08:39 | 000,000,000 | --SD | M] -- C:\Users\Delic-ious\AppData\Roaming\Microsoft [2010.05.09 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Miranda [2010.05.09 15:48:14 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Mozilla [2010.05.14 01:02:11 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\OpenOffice.org [2010.05.30 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Skype [2010.05.09 20:36:56 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\skypePM [2010.05.09 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\Thunderbird [2010.06.19 16:10:54 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\vlc [2010.05.10 17:40:01 | 000,000,000 | ---D | M] -- C:\Users\Delic-ious\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: NVSTOR32.SYS > [2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvstor32.sys [2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvstor32.sys [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sata_ide\nvstor32.sys [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.16 01:11:10 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
20.06.2010, 16:47
| #12 |
| /// Malware-holic | icq virus "wie findest du das bild" ok, dann gib mal nen zwischenbericht, wie der pc läuft, sendet icq noch? |
|
20.06.2010, 16:59
| #13 |
| | icq virus "wie findest du das bild" Läuft alles einwandfrei, in der normalen schnelligkeit. |
|
20.06.2010, 17:01
| #14 |
| /// Malware-holic | icq virus "wie findest du das bild" ok, führe noch den eset online scanner aus. Free ESET Online Antivirus Scanner funde entfernen, ergebniss posten. |
|
20.06.2010, 18:35
| #15 |
| | icq virus "wie findest du das bild" So online scan hab ich jetz fertig. hatte 3 funde, hab sie alle gelöscht. Es gab nur keinen Bericht nach dem Scan wie zb nach dem OTL Scan. Was nun? |
|
| Themen zu icq virus "wie findest du das bild" |
| 4d36e972-e325-11ce-bfc1-08002be10318, ad-aware, antivir, autorun, avgntflt.sys, avira, c:\windows\system32\rundll32.exe, components, conhost.exe, corp./icp, defender, desktop, email, error, extras.txt, firefox, firefox.exe, flash player, fontcache, format, install.exe, jusched.exe, langs, local\temp, location, logfile, media center, monitor, mozilla, mozilla thunderbird, msiinstaller, nicht möglich, nvlddmkm.sys, nvstor.sys, oldtimer, otl textdatei, otl.exe, otl.txt, plug-in, port, programdata, realtek, registry, rundll, saver, sched.exe, searchplugins, security, services.exe, software, sptd.sys, start menu, taskhost.exe, uiexec.exe, usb, virus, vista, vlc media player, webcheck, windows, wrapper |
Linear-Darstellung
