Log analysis and evaluation: Icq Virus 'Schau dir das Bild mal an :D' (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system has to be examined first: see "First steps to getting help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.06.2010, 19:45 | #1
Icq Virus 'Schau dir das Bild mal an :D'

Hello, by the way this is my first post in this forum. My problem: the ICQ virus that is currently going around. Naturally I got it from a good friend, who sent me a link with the message "Schau dir das Bild mal an" ("have a look at this picture"). Stupid as I am, I open the link and of course download it. Now, whenever I am online, my ICQ account sends these links to the people in my contact list, and so on. I immediately ran CCleaner and then Malwarebytes. Malwarebytes found nothing, so I ran HijackThis once:

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:50, on 23.06.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Users\Public\winvsrnc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ocs_SM] C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

--
End of file - 8745 bytes

I hope I did everything right and am hoping for replies.
Regards, Randi
24.06.2010, 08:17 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Icq Virus 'Schau dir das Bild mal an :D'

Hello and

Please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL
Please download OTL from OldTimer and save it to your desktop.
24.06.2010, 12:44 | #3
Icq Virus 'Schau dir das Bild mal an :D'

Quote:
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left

In my OTL there is no box with Minimal Output, and neither Extra Registry nor Use SafeList. Well, I ran the scan anyway, and here are my log files from Malwarebytes and OTL:

Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4077
Windows 6.0.6000
Internet Explorer 7.0.6000.17037

24.06.2010 13:28:54
mbam-log-2010-06-24 (13-28-54).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Objects scanned: 215014
Time elapsed: 42 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\sushikiste\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

OTL logfile:

Code:
OTL logfile created on: 24.06.2010 13:34:23 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 142,35 Gb Free Space | 49,42% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,83 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSHIKISTE-PC
Current User Name: sushikiste
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.24 13:32:25 | 000,163,328 | ---- | M] () -- C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe
PRC - [2010.06.24 13:32:22 | 000,171,520 | ---- | M] () -- C:\Users\SUSHIK~1\AppData\Local\Temp\Yfq.exe
PRC - [2010.06.24 12:44:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
PRC - [2010.06.23 19:33:05 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
PRC - [2010.05.13 16:40:02 | 000,040,960 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.04.21 01:05:35 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2010.04.21 00:34:24 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.18 01:43:38 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.18 12:49:40 | 000,357,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.02.18 12:47:34 | 003,203,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.02.18 12:25:20 | 000,498,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2010.02.18 12:25:10 | 000,477,768 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2010.02.18 12:24:42 | 001,573,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010.02.18 12:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.02.18 12:24:22 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2010.02.18 12:24:12 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2007.09.04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007.03.01 15:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.05.29 20:29:46 | 001,708,032 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

========== Modules (SafeList) ==========

MOD - [2010.06.24 12:44:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.05.13 16:40:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.04.21 01:05:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.09.04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

========== Driver Services (SafeList) ==========

DRV - [2010.05.29 22:14:49 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.21 18:50:41 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\Windows\System32\SVKP.sys -- (SVKP)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.16 06:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 06:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 06:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 06:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 06:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 06:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 06:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007.09.17 00:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007.08.27 13:20:34 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.04.23 14:19:24 | 000,227,328 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007.03.01 16:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.22 03:55:35 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007.02.22 03:55:35 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.02.22 03:55:34 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007.01.06 07:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.11.02 09:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Ocs_SM] C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EBUNWVLUMV] C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe () O4 - HKCU..\Run: [Halo2] C:\Benutzer\sushikiste\AppData\Local\Temp\sshnas21.dll File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe () O8 - Extra context menu item: Free YouTube Download - C:\Users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - 
C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - 
MountPoints2\{ab8be8b0-6b5f-11df-a6db-001aa0594040}\Shell - "" = AutoRun O33 - MountPoints2\{ab8be8b0-6b5f-11df-a6db-001aa0594040}\Shell\AutoRun\command - "" = K:\Launch.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.24 12:44:47 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe [2010.06.23 19:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010.06.23 19:49:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\sushikiste\Desktop\HJTInstall.exe [2010.06.13 18:57:57 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\ertert_data [2010.06.13 18:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity [2010.06.13 18:57:12 | 002,228,534 | ---- | C] ( ) -- C:\Users\sushikiste\Desktop\audacity-win-1.2.6.exe [2010.06.13 18:53:40 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Local\PunkBuster [2010.06.13 18:53:30 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Documents\EA SPORTS(TM) FIFA Online [2010.06.13 18:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports [2010.06.13 18:31:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\FIFAOnlineSetup [2010.06.13 18:31:00 | 005,866,600 | ---- | C] (Electronic Arts) -- C:\Users\sushikiste\Desktop\FIFAOnlineSetup.exe [2010.06.06 17:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2010.06.06 15:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010.06.06 15:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard [2010.06.06 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\World of Warcraft [2010.06.06 15:44:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment 
[2010.06.04 19:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.06.04 19:18:01 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers [2010.05.29 22:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA [2010.05.29 22:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar [2010.05.29 22:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010.05.29 22:14:19 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\DAEMON Tools Lite [2010.05.29 22:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.05.29 21:53:09 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\Medieval II - Total War [2010.05.27 23:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Recorder Pro [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.24 13:36:19 | 002,097,152 | -HS- | M] () -- C:\Users\sushikiste\ntuser.dat [2010.06.24 13:32:32 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.24 13:32:29 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.06.24 13:31:15 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.24 13:31:15 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.24 13:31:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.24 13:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.24 13:29:43 | 002,773,612 | -H-- | M] () -- C:\Users\sushikiste\AppData\Local\IconCache.db [2010.06.24 12:44:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe [2010.06.24 12:38:41 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.24 
12:38:41 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.24 12:38:41 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.24 12:38:41 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.24 12:38:41 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.24 12:35:45 | 000,163,328 | ---- | M] () -- C:\Users\sushikiste\Desktop\Yfr.exe [2010.06.23 19:50:29 | 000,001,834 | ---- | M] () -- C:\Users\sushikiste\Desktop\HijackThis.lnk [2010.06.23 19:49:52 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\sushikiste\Desktop\HJTInstall.exe [2010.06.21 17:54:42 | 000,384,160 | ---- | M] () -- C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).sfk [2010.06.21 17:54:40 | 006,879,088 | ---- | M] () -- C:\Users\sushikiste\Desktop\beathiphoplol.mp3 [2010.06.21 17:47:04 | 000,025,194 | ---- | M] () -- C:\Users\sushikiste\Desktop\saftig.jpg [2010.06.20 22:50:04 | 000,023,976 | ---- | M] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi.sfk [2010.06.20 22:41:46 | 000,037,888 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.20 22:41:28 | 447,565,544 | ---- | M] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi [2010.06.18 14:07:22 | 000,000,600 | ---- | M] () -- C:\Users\sushikiste\Documents\Standard.sfvidcap [2010.06.16 23:24:22 | 000,022,496 | ---- | M] () -- C:\Users\sushikiste\Desktop\lolol.sfk [2010.06.16 23:22:25 | 002,871,340 | ---- | M] () -- C:\Users\sushikiste\Desktop\lolol.wav [2010.06.16 23:10:25 | 006,341,539 | ---- | M] () -- C:\Users\sushikiste\Desktop\joshasascha.wmv [2010.06.16 20:51:06 | 001,177,289 | ---- | M] () -- C:\Users\sushikiste\Desktop\peaceisalie.mp3 [2010.06.16 17:26:15 | 038,965,292 | ---- | M] () -- C:\Users\sushikiste\Desktop\Inner Circle - Sweat [A la la la la long] (Instrumental).wav [2010.06.16 16:54:15 | 049,164,332 | ---- | M] () -- 
C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).wav [2010.06.15 00:04:41 | 002,042,465 | ---- | M] () -- C:\Users\sushikiste\Desktop\epictest.mp3 [2010.06.14 16:09:03 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.06.14 16:08:55 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.06.13 18:57:30 | 000,000,712 | ---- | M] () -- C:\Users\sushikiste\Desktop\Audacity.lnk [2010.06.13 18:57:13 | 002,228,534 | ---- | M] ( ) -- C:\Users\sushikiste\Desktop\audacity-win-1.2.6.exe [2010.06.13 18:35:09 | 000,139,152 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\PnkBstrK.sys [2010.06.13 18:34:52 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe [2010.06.13 18:31:09 | 005,866,600 | ---- | M] (Electronic Arts) -- C:\Users\sushikiste\Desktop\FIFAOnlineSetup.exe [2010.06.11 22:32:51 | 000,000,606 | ---- | M] () -- C:\Users\sushikiste\Desktop\Wow - Verknüpfung.lnk [2010.06.10 21:39:16 | 005,293,527 | ---- | M] () -- C:\Users\sushikiste\Desktop\LoLRoflcopteR.wmv [2010.06.10 21:36:38 | 000,345,603 | ---- | M] () -- C:\Users\sushikiste\Desktop\LolRofl.wma [2010.06.04 19:17:58 | 000,001,032 | ---- | M] () -- C:\Users\sushikiste\Desktop\DVDVideoSoft Free Studio.lnk [2010.06.04 19:10:33 | 000,198,520 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi.sfk [2010.06.04 19:04:21 | 2935,082,064 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi [2010.06.02 21:16:08 | 000,000,959 | ---- | M] () -- C:\Users\sushikiste\Desktop\TeamSpeak 3 Client.lnk [2010.06.01 22:10:57 | 868,713,536 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 22-10-16-74.avi [2010.06.01 00:19:08 | 3102,811,456 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-17-03-84.avi [2010.06.01 00:13:46 | 3414,904,832 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 
00-11-20-69.avi [2010.06.01 00:10:39 | 682,331,048 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-10-11-06.avi [2010.05.30 18:43:39 | 000,396,280 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi.sfk [2010.05.30 07:43:01 | 3355,544,680 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-40-48-81.avi [2010.05.30 07:40:48 | 4195,460,336 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-37-39-94.avi [2010.05.30 07:25:51 | 391,843,272 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-25-14-96.avi [2010.05.30 07:25:15 | 4195,222,904 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-20-33-37.avi [2010.05.30 07:20:33 | 4195,088,192 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi [2010.05.30 04:33:54 | 615,926,080 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 04-33-00-22.avi [2010.05.29 22:41:24 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk [2010.05.29 22:17:52 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.05.29 22:14:49 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.29 13:18:24 | 000,059,856 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.29 13:17:40 | 000,265,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.28 00:01:01 | 000,012,520 | ---- | M] () -- C:\Users\sushikiste\Documents\lol.mp3.sfk [2010.05.27 23:58:52 | 000,145,030 | ---- | M] () -- C:\Users\sushikiste\Documents\lol.mp3 [2010.05.27 23:58:13 | 000,000,802 | ---- | M] () -- C:\Users\sushikiste\Desktop\Audio Recorder Pro.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.24 13:32:27 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.24 
13:32:24 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.06.24 12:35:45 | 000,163,328 | ---- | C] () -- C:\Users\sushikiste\Desktop\Yfr.exe [2010.06.23 19:50:29 | 000,001,834 | ---- | C] () -- C:\Users\sushikiste\Desktop\HijackThis.lnk [2010.06.21 17:54:37 | 006,879,088 | ---- | C] () -- C:\Users\sushikiste\Desktop\beathiphoplol.mp3 [2010.06.21 17:53:53 | 000,384,160 | ---- | C] () -- C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).sfk [2010.06.21 17:47:04 | 000,025,194 | ---- | C] () -- C:\Users\sushikiste\Desktop\saftig.jpg [2010.06.20 22:42:19 | 000,023,976 | ---- | C] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi.sfk [2010.06.20 22:41:12 | 447,565,544 | ---- | C] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi [2010.06.18 14:07:22 | 000,000,600 | ---- | C] () -- C:\Users\sushikiste\Documents\Standard.sfvidcap [2010.06.16 23:22:37 | 000,022,496 | ---- | C] () -- C:\Users\sushikiste\Desktop\lolol.sfk [2010.06.16 23:22:25 | 002,871,340 | ---- | C] () -- C:\Users\sushikiste\Desktop\lolol.wav [2010.06.16 23:09:15 | 006,341,539 | ---- | C] () -- C:\Users\sushikiste\Desktop\joshasascha.wmv [2010.06.16 20:51:05 | 001,177,289 | ---- | C] () -- C:\Users\sushikiste\Desktop\peaceisalie.mp3 [2010.06.16 17:26:13 | 038,965,292 | ---- | C] () -- C:\Users\sushikiste\Desktop\Inner Circle - Sweat [A la la la la long] (Instrumental).wav [2010.06.16 16:54:13 | 049,164,332 | ---- | C] () -- C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).wav [2010.06.15 00:04:38 | 002,042,465 | ---- | C] () -- C:\Users\sushikiste\Desktop\epictest.mp3 [2010.06.13 18:57:30 | 000,000,712 | ---- | C] () -- C:\Users\sushikiste\Desktop\Audacity.lnk [2010.06.13 18:53:43 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2010.06.13 18:35:10 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.06.13 18:35:09 | 000,139,152 | 
---- | C] () -- C:\Users\sushikiste\AppData\Roaming\PnkBstrK.sys [2010.06.13 18:34:54 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.06.13 18:34:52 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.06.13 18:34:52 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.06.11 22:32:51 | 000,000,606 | ---- | C] () -- C:\Users\sushikiste\Desktop\Wow - Verknüpfung.lnk [2010.06.10 21:37:55 | 005,293,527 | ---- | C] () -- C:\Users\sushikiste\Desktop\LoLRoflcopteR.wmv [2010.06.10 21:36:38 | 000,345,603 | ---- | C] () -- C:\Users\sushikiste\Desktop\LolRofl.wma [2010.06.04 19:17:58 | 000,001,032 | ---- | C] () -- C:\Users\sushikiste\Desktop\DVDVideoSoft Free Studio.lnk [2010.06.04 19:10:29 | 000,198,520 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi.sfk [2010.06.04 19:02:08 | 2935,082,064 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi [2010.06.01 22:10:16 | 868,713,536 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 22-10-16-74.avi [2010.06.01 00:17:03 | 3102,811,456 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-17-03-84.avi [2010.06.01 00:11:20 | 3414,904,832 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-11-20-69.avi [2010.06.01 00:10:11 | 682,331,048 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-10-11-06.avi [2010.05.30 18:43:01 | 000,396,280 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi.sfk [2010.05.30 07:40:48 | 3355,544,680 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-40-48-81.avi [2010.05.30 07:37:39 | 4195,460,336 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-37-39-94.avi [2010.05.30 07:25:14 | 391,843,272 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-25-14-96.avi [2010.05.30 
07:20:33 | 4195,222,904 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-20-33-37.avi [2010.05.30 07:15:45 | 4195,088,192 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi [2010.05.30 04:33:00 | 615,926,080 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 04-33-00-22.avi [2010.05.29 22:41:24 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk [2010.05.29 22:17:52 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.05.29 22:14:49 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.27 23:59:39 | 000,012,520 | ---- | C] () -- C:\Users\sushikiste\Documents\lol.mp3.sfk [2010.05.27 23:58:42 | 000,145,030 | ---- | C] () -- C:\Users\sushikiste\Documents\lol.mp3 [2010.05.27 23:58:13 | 000,000,802 | ---- | C] () -- C:\Users\sushikiste\Desktop\Audio Recorder Pro.lnk [2010.04.22 10:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\I531_1013.INI [2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream < End of report > _________________________________________________________ OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.06.2010 13:34:23 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\sushikiste\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,04 Gb Total Space | 142,35 Gb Free Space | 49,42% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,83 Gb Free Space | 58,30% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUSHIKISTE-PC Current User Name: sushikiste Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{174032D4-5922-4FD3-B911-C93DEE7D08DB}" = lport=2869 | protocol=6 | dir=in | app=system | "{2E22349C-19F9-4AEB-8E4D-F26553FF796F}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | "{40A2B1D4-461D-4978-A149-E4D249CA9669}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher | "{51E9C210-18A1-4FCF-A408-5DE58F135716}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher | "{895B5833-ACBB-44EB-BBDB-23A957760230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8B052060-58D1-4978-BC8B-15AAF815C78F}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | "{8B920C42-3DB4-4989-A33E-FB076FC96DB3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{A101703D-12EE-4407-AD2E-BF1DB1C8AC95}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08E95800-5724-409A-AB51-249DFD858CB2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{39188A78-79C6-43D4-9742-59E8907E8CFD}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{3DE38FB3-644D-4E2C-AAA7-3D37BC040E98}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{4276ACED-900F-4F02-9809-170D5419283C}" = protocol=17 | 
dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{66E6D965-A7FA-4222-9F28-EFDB6B315170}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{772E2233-F2F5-4EC8-BC93-166DF8FD7B8B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{7C0DA0F3-2550-4444-97BA-5D28405FE2C4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{80A190B6-9BF0-4C4D-A3C3-CEC2B8E6282D}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{81A6B814-2EBD-49AC-82DE-60E9073226EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{84F43093-CA1A-4631-AC9F-E0E03F5284B6}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{8EB3297E-FEC9-494F-B1FD-4DDEA159F2CC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{A7BEBE6F-3F91-48BB-BD2F-D9CA3257599B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{AA8D778D-7678-4B40-A456-26FAE20C87C3}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{AD51EDD3-FAB6-47B0-AE47-397CABE3FABC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AD7D7896-4C5B-4ECE-B807-5CE2ED46D306}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{AE7EFB78-E63B-4A6F-9F40-D551BC922539}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{AFC6AB1A-5962-444C-B782-F0302723A211}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{B268C401-25FB-4570-9177-4D0DABDACA88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B6246E90-7276-4BF8-87FA-90A06003633E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{B86C0FE9-2196-4379-A832-9C4D5B465F47}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{BE50E380-F664-49C4-A748-BD5395B77FE4}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{C1FFA3C9-594E-452A-9115-00F6405E6228}" 
= protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C75F760D-70DC-4B09-903A-311C21DE96B6}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{C8DA3027-A243-4F93-97CA-DFD70CC53975}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{D2286D3D-0B96-4317-9566-62E6FC9F5583}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{F55A049C-E8C6-4CFE-AFD1-79F74E89363E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F8503D22-A725-4AA5-8B92-4909AED843EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{1D8716D5-5AAD-4984-B6DD-82C649B9AACD}C:\users\sushikiste\desktop\world of warcraft papa\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\world of warcraft papa\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe | "TCP Query User{1F6D77E3-ECBA-484B-A637-6FDE926D6EE7}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{21B09996-06F4-43E4-B908-510B54924B6B}C:\users\sushikiste\desktop\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\loleudownloader.exe | "TCP Query User{3EC295E9-CF8A-4D17-9855-0AD43B27A890}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "TCP Query User{B4A000B1-4233-4339-91C2-E75AACC0F2B0}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "UDP Query User{1DA99920-2D07-4951-88A7-2243EA41B4B5}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "UDP Query User{20223B92-A882-495D-A342-8534D7431287}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query 
User{5DF47BED-0E00-44E5-85F8-D1E32FF6A91A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{9CF36258-5BF6-48ED-B73C-612C36277E00}C:\users\sushikiste\desktop\world of warcraft papa\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\world of warcraft papa\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"UDP Query User{E7A97AD9-6A07-4BF7-A971-56B588234440}C:\users\sushikiste\desktop\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\loleudownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass (10/16/2006 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMDAway INF" = AMDAway INF
"Audacity_is1" = Audacity 1.2.6
"Audio Recorder Pro_is1" = Audio Recorder Pro 3.70
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McLoad Preinstaller" = McLoad Preinstaller
"MicRO 1.00" = MicRO 1.00
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Precision" = EVGA Precision 1.7.1
"PunkBusterSvc" = PunkBuster Services
"SearchAnonymizer" = SearchAnonymizer
"SpeedFan" = SpeedFan (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Gothic Texture Patch - Freddy" = Freddy's Texture Patch BETA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.05.2010 16:34:36 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application Medieval_TW.EXE, version 1.0.0.0, time stamp 0x3f6824c2, faulting module BugslayerUtil.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7, process id 0x5f4, application start time 01cb003783d8a95d.

Error - 30.05.2010 16:34:43 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application Medieval_TW.EXE, version 1.0.0.0, time stamp 0x3f6824c2, faulting module BugslayerUtil.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7, process id 0x13fc, application start time 01cb003788c0eaed.

Error - 01.06.2010 16:10:58 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application League of Legends.exe, version 1.0.0.85, time stamp 0x4be49c6b, faulting module BugSplat.dll, version 3.1.0.161, time stamp 0x49c2b714, exception code 0xc0000005, fault offset 0x00005ec2, process id 0x1664, application start time 01cb01c64a98b6cd.

Error - 04.06.2010 14:49:37 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application Dwm.exe, version 6.0.6000.16386, time stamp 0x4549aed1, faulting module FRAPS.DLL_unloaded, version 0.0.0.0, time stamp 0x4a98b803, exception code 0xc0000005, fault offset 0x63587204, process id 0xae4, application start time 01cb03d943c0544e.

Error - 04.06.2010 14:49:37 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application Taskmgr.exe, version 6.0.6000.16386, time stamp 0x4549b0b0, faulting module FRAPS.DLL_unloaded, version 0.0.0.0, time stamp 0x4a98b803, exception code 0xc0000005, fault offset 0x63587204, process id 0x15bc, application start time 01cb0416abd24406.

Error - 04.06.2010 14:49:37 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application lol.launcher.exe, version 1.0.0.29, time stamp 0x4babcbed, faulting module FRAPS.DLL_unloaded, version 0.0.0.0, time stamp 0x4a98b803, exception code 0xc0000005, fault offset 0x63587204, process id 0xd70, application start time 01cb041674ec2876.

Error - 04.06.2010 14:49:38 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application LOLClient.exe, version 1.5.0.7220, time stamp 0x49080dd2, faulting module FRAPS.DLL_unloaded, version 0.0.0.0, time stamp 0x4a98b803, exception code 0xc0000005, fault offset 0x63587204, process id 0xff0, application start time 01cb041676b1f456.

Error - 06.06.2010 09:51:43 | Computer Name = sushikiste-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b8c Start Time: 01cb056999d6d6a3 Termination Time: 99

Error - 11.06.2010 16:06:42 | Computer Name = sushikiste-PC | Source = Application Hang | ID = 1002
Description = The program ICQ.exe version 7.2.0.3129 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: de4 Start Time: 01cb09a17b57edbc Termination Time: 295

Error - 13.06.2010 13:04:02 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Faulting application audacity.exe, version 0.0.0.0, time stamp 0x455814e4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x0003b15f, process id 0xb0c, application start time 01cb0b19835f5abf.

[ System Events ]
Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.04.2010 07:51:40 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.04.2010 07:52:01 | Computer Name = sushikiste-PC | Source = DCOM | ID = 10005
Description =

Error - 23.04.2010 07:55:04 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >
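As an added example (not code from this thread, from OTL or from Malwarebytes), here is a small Python triage pass over the kinds of OTL lines this thread is built on: the Windows Firewall rule entries in the Extras log above, and the PRC/SRV/DRV process, service and driver entries and O4 autorun entries of the OTL log that is posted later in the thread. It scores each entry on the signals a human reviewer looks for first (an executable living in a user-writable folder such as Temp, Public or Desktop, an empty company field, hidden+system attributes, a dangling autorun, an inbound firewall allow rule) and prints the entries that accumulate enough of them. SAMPLE_LOG is constructed to mirror the format of the logs in this thread; the weights and FLAG_THRESHOLD are my assumptions, not anything OTL itself does.

```python
"""Heuristic triage of OTL-style log lines: PRC/SRV/DRV process, service and
driver entries, O4 autorun entries and Windows Firewall rule entries.

Added example for this thread; it is not code from the thread, from OTL or
from Malwarebytes.  SAMPLE_LOG is constructed to mirror the format of the
logs posted here; the weights and FLAG_THRESHOLD are the author's
assumptions, chosen so that a single weak signal never flags on its own."""
import re
from dataclasses import dataclass

# "PRC - [date time | size | attrs | M] (Company) [state] -- path -- (svc) ..."
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \(.*)?$")
# "O4 - HKCU..\Run: [name] path (Company)"  or  "... path File not found"
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))$")
# '"rule name" = protocol=17 | dir=in | app=path |'
FIREWALL_RE = re.compile(r'^"(?P<rule>[^"]*)" = (?P<fields>.*?)\s*\|?\s*$')

# Locations a standard user can write to.  Services and autoruns rarely
# belong there; malware dropped by a user-level downloader usually does.
USER_WRITABLE = re.compile(
    r"\\(appdata\\(local\\temp|roaming)|users\\public|desktop)\\", re.I)
FLAG_THRESHOLD = 3  # assumption: score at which an entry deserves a look


@dataclass
class Finding:
    line: str
    score: int
    reasons: list


def score_path(path, company, reasons):
    """Scoring shared by every entry type that names a file on disk.
    company=None means the log has no company field for this entry type;
    an empty "()" field is what OTL prints for files without version info."""
    score = 0
    if USER_WRITABLE.search(path):
        score += 2
        reasons.append("runs from a user-writable location")
    if company is not None and company.strip() == "":
        score += 1
        reasons.append("no company/version information")
    return score


def triage_line(line):
    """Score one log line.  Returns None for lines this script does not
    parse (other OTL sections, or a ')' inside the company name)."""
    line = line.rstrip()
    reasons = []
    m = ENTRY_RE.match(line)
    if m:
        score = score_path(m["path"], m["company"], reasons)
        parts = m["stamp"].split(" | ")          # date, size, attrs, M
        attrs = parts[2] if len(parts) > 2 else ""
        if "H" in attrs and "S" in attrs:         # e.g. "RHS-"
            score += 2
            reasons.append("file is marked hidden+system")
        return Finding(line, score, reasons)
    m = AUTORUN_RE.match(line)
    if m:
        score = score_path(m["path"], m["company"], reasons)
        if m["missing"]:
            score += 1
            reasons.append("autorun points at a file that no longer exists")
        return Finding(line, score, reasons)
    m = FIREWALL_RE.match(line)
    if m:
        fields = dict(f.split("=", 1) for f in m["fields"].split(" | ") if "=" in f)
        score = score_path(fields.get("app", ""), None, reasons)
        if fields.get("dir") == "in":
            score += 1
            reasons.append("inbound allow rule")
        return Finding(line, score, reasons)
    return None


def triage(log_text):
    """Entries scoring at least FLAG_THRESHOLD, highest score first."""
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted((f for f in findings if f.score >= FLAG_THRESHOLD),
                  key=lambda f: -f.score)


# Constructed sample in the format of the thread's OTL and Extras logs.
SAMPLE_LOG = r"""
PRC - [2010.06.24 14:04:56 | 000,176,128 | ---- | M] () -- C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe
PRC - [2010.06.24 12:44:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
PRC - [2010.06.23 19:33:05 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SRV - [2010.05.13 16:40:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [EBUNWVLUMV] C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe ()
O4 - HKCU..\Run: [Halo2] C:\Benutzer\sushikiste\AppData\Local\Temp\sshnas21.dll File not found
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
"UDP Query User{5DF47BED-0E00-44E5-85F8-D1E32FF6A91A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{E7A97AD9-6A07-4BF7-A971-56B588234440}C:\users\sushikiste\desktop\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\loleudownloader.exe |
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}\n     " + "; ".join(f.reasons))
```

Run it as-is and the hidden+system winvsrnc.exe in C:\Users\Public comes out on top, followed by the Temp-resident Yfr.exe, the auto-start service in AppData\Roaming and the two HKCU Run entries that point into Public and Temp. A score is a ranking aid, not a verdict: a game downloader on the Desktop with an inbound UDP rule reaches the same threshold as a Temp-resident autorun, and both still need a human to decide, which is what the forum's helpers do with the full log.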
24.06.2010, 13:13 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Icq Virus 'Schau dir das Bild mal an :D'
Quote:
__________________
Please always post logfiles in CODE tags
24.06.2010, 13:20 | #5
Icq Virus 'Schau dir das Bild mal an :D'
Quote:
Just updated to '4232'. Full scan started, and the log files will be re-posted shortly!
24.06.2010, 14:04 | #6
Icq Virus 'Schau dir das Bild mal an :D'

So here are my new Malwarebytes log files:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4232

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

24.06.2010 15:02:46
mbam-log-2010-06-24 (15-02-46).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Objects scanned: 220130
Time elapsed: 42 minute(s), 26 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Users\Public\winvsrnc.exe (Trojan.IRCBrute) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system updates (Trojan.IRCBrute) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\winvsrnc.exe (Trojan.IRCBrute) -> No action taken.
C:\Users\sushikiste\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TZR9IA1\install.52074[1].exe (Trojan.Downloader) -> No action taken.
C:\Users\sushikiste\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.

1. OTL LogFile
OTL Logfile:
Code:
OTL logfile created on: 24.06.2010 15:05:05 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 141,27 Gb Free Space | 49,05% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,83 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSHIKISTE-PC
Current User Name: sushikiste
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.24 14:04:56 | 000,176,128 | ---- | M] () -- C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe
PRC - [2010.06.24 12:44:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
PRC - [2010.06.23 19:33:05 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
PRC - [2010.05.13 16:40:02 | 000,040,960 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.21 01:05:35 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2010.04.21 00:34:24 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.18 01:43:38 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.18 12:49:40 | 000,357,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.02.18 12:47:34 | 003,203,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.02.18 12:25:20 | 000,498,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2010.02.18 12:25:10 | 000,477,768 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2010.02.18 12:24:42 | 001,573,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010.02.18 12:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.02.18 12:24:22 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2010.02.18 12:24:12 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2007.09.04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007.03.01 15:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.05.29 20:29:46 | 001,708,032 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

========== Modules (SafeList) ==========

MOD - [2010.06.24 12:44:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.05.13 16:40:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.04.21 01:05:35 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.09.04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

========== Driver Services (SafeList) ==========

DRV - [2010.05.29 22:14:49 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.04.21 18:50:41 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\Windows\System32\SVKP.sys -- (SVKP)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.16 06:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 06:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 06:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 06:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 06:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 06:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 06:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007.09.17 00:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007.08.27 13:20:34 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.04.23 14:19:24 | 000,227,328 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007.03.01 16:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.22 03:55:35 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007.02.22 03:55:35 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.02.22 03:55:34 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007.01.06 07:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8x)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.11.02 09:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EBUNWVLUMV] C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe ()
O4 - HKCU..\Run: [Halo2] C:\Benutzer\sushikiste\AppData\Local\Temp\sshnas21.dll File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ab8be8b0-6b5f-11df-a6db-001aa0594040}\Shell - "" = AutoRun
O33 - MountPoints2\{ab8be8b0-6b5f-11df-a6db-001aa0594040}\Shell\AutoRun\command - "" = K:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.24 12:44:47 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
[2010.06.23 19:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.06.23 19:49:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\sushikiste\Desktop\HJTInstall.exe
[2010.06.13 18:57:57 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\ertert_data
[2010.06.13 18:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010.06.13 18:57:12 | 002,228,534 | ---- | C] ( ) -- C:\Users\sushikiste\Desktop\audacity-win-1.2.6.exe
[2010.06.13 18:53:40 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Local\PunkBuster
[2010.06.13 18:53:30 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Documents\EA SPORTS(TM) FIFA Online
[2010.06.13 18:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010.06.13 18:31:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\FIFAOnlineSetup
[2010.06.13 18:31:00 | 005,866,600 | ---- | C] (Electronic Arts) -- C:\Users\sushikiste\Desktop\FIFAOnlineSetup.exe
[2010.06.06 17:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010.06.06 15:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.06.06 15:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.06.06 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\World of Warcraft
[2010.06.06 15:44:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.06.04 19:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.06.04 19:18:01 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers [2010.05.29 22:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA [2010.05.29 22:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar [2010.05.29 22:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010.05.29 22:14:19 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\DAEMON Tools Lite [2010.05.29 22:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.05.29 21:53:09 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\Medieval II - Total War [2010.05.27 23:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Recorder Pro [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.24 15:06:39 | 002,097,152 | -HS- | M] () -- C:\Users\sushikiste\ntuser.dat [2010.06.24 15:05:01 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.24 14:44:36 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.06.24 14:31:12 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.24 14:31:12 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.24 13:36:50 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.24 13:36:50 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.24 13:36:50 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.24 13:36:49 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.24 13:36:49 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.24 13:31:14 | 
000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.24 13:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.24 13:29:43 | 002,773,612 | -H-- | M] () -- C:\Users\sushikiste\AppData\Local\IconCache.db [2010.06.24 12:44:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe [2010.06.23 19:50:29 | 000,001,834 | ---- | M] () -- C:\Users\sushikiste\Desktop\HijackThis.lnk [2010.06.23 19:49:52 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\sushikiste\Desktop\HJTInstall.exe [2010.06.21 17:54:42 | 000,384,160 | ---- | M] () -- C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).sfk [2010.06.21 17:54:40 | 006,879,088 | ---- | M] () -- C:\Users\sushikiste\Desktop\beathiphoplol.mp3 [2010.06.21 17:47:04 | 000,025,194 | ---- | M] () -- C:\Users\sushikiste\Desktop\saftig.jpg [2010.06.20 22:50:04 | 000,023,976 | ---- | M] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi.sfk [2010.06.20 22:41:46 | 000,037,888 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.20 22:41:28 | 447,565,544 | ---- | M] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi [2010.06.18 14:07:22 | 000,000,600 | ---- | M] () -- C:\Users\sushikiste\Documents\Standard.sfvidcap [2010.06.16 23:24:22 | 000,022,496 | ---- | M] () -- C:\Users\sushikiste\Desktop\lolol.sfk [2010.06.16 23:22:25 | 002,871,340 | ---- | M] () -- C:\Users\sushikiste\Desktop\lolol.wav [2010.06.16 23:10:25 | 006,341,539 | ---- | M] () -- C:\Users\sushikiste\Desktop\joshasascha.wmv [2010.06.16 20:51:06 | 001,177,289 | ---- | M] () -- C:\Users\sushikiste\Desktop\peaceisalie.mp3 [2010.06.16 17:26:15 | 038,965,292 | ---- | M] () -- C:\Users\sushikiste\Desktop\Inner Circle - Sweat [A la la la la long] (Instrumental).wav [2010.06.16 16:54:15 | 049,164,332 | ---- | M] () -- C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).wav [2010.06.15 00:04:41 
| 002,042,465 | ---- | M] () -- C:\Users\sushikiste\Desktop\epictest.mp3 [2010.06.14 16:09:03 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.06.14 16:08:55 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.06.13 18:57:30 | 000,000,712 | ---- | M] () -- C:\Users\sushikiste\Desktop\Audacity.lnk [2010.06.13 18:57:13 | 002,228,534 | ---- | M] ( ) -- C:\Users\sushikiste\Desktop\audacity-win-1.2.6.exe [2010.06.13 18:35:09 | 000,139,152 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\PnkBstrK.sys [2010.06.13 18:34:52 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe [2010.06.13 18:31:09 | 005,866,600 | ---- | M] (Electronic Arts) -- C:\Users\sushikiste\Desktop\FIFAOnlineSetup.exe [2010.06.11 22:32:51 | 000,000,606 | ---- | M] () -- C:\Users\sushikiste\Desktop\Wow - Verknüpfung.lnk [2010.06.10 21:39:16 | 005,293,527 | ---- | M] () -- C:\Users\sushikiste\Desktop\LoLRoflcopteR.wmv [2010.06.10 21:36:38 | 000,345,603 | ---- | M] () -- C:\Users\sushikiste\Desktop\LolRofl.wma [2010.06.04 19:17:58 | 000,001,032 | ---- | M] () -- C:\Users\sushikiste\Desktop\DVDVideoSoft Free Studio.lnk [2010.06.04 19:10:33 | 000,198,520 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi.sfk [2010.06.04 19:04:21 | 2935,082,064 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi [2010.06.02 21:16:08 | 000,000,959 | ---- | M] () -- C:\Users\sushikiste\Desktop\TeamSpeak 3 Client.lnk [2010.06.01 22:10:57 | 868,713,536 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 22-10-16-74.avi [2010.06.01 00:19:08 | 3102,811,456 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-17-03-84.avi [2010.06.01 00:13:46 | 3414,904,832 | ---- | M] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-11-20-69.avi [2010.06.01 00:10:39 | 682,331,048 | ---- | M] () -- C:\Users\sushikiste\Documents\League 
of Legends 2010-06-01 00-10-11-06.avi [2010.05.30 18:43:39 | 000,396,280 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi.sfk [2010.05.30 07:43:01 | 3355,544,680 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-40-48-81.avi [2010.05.30 07:40:48 | 4195,460,336 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-37-39-94.avi [2010.05.30 07:25:51 | 391,843,272 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-25-14-96.avi [2010.05.30 07:25:15 | 4195,222,904 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-20-33-37.avi [2010.05.30 07:20:33 | 4195,088,192 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi [2010.05.30 04:33:54 | 615,926,080 | ---- | M] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 04-33-00-22.avi [2010.05.29 22:41:24 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk [2010.05.29 22:17:52 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.05.29 22:14:49 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.29 13:18:24 | 000,059,856 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.29 13:17:40 | 000,265,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.28 00:01:01 | 000,012,520 | ---- | M] () -- C:\Users\sushikiste\Documents\lol.mp3.sfk [2010.05.27 23:58:52 | 000,145,030 | ---- | M] () -- C:\Users\sushikiste\Documents\lol.mp3 [2010.05.27 23:58:13 | 000,000,802 | ---- | M] () -- C:\Users\sushikiste\Desktop\Audio Recorder Pro.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.24 13:32:27 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.24 13:32:24 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job 
[2010.06.23 19:50:29 | 000,001,834 | ---- | C] () -- C:\Users\sushikiste\Desktop\HijackThis.lnk [2010.06.21 17:54:37 | 006,879,088 | ---- | C] () -- C:\Users\sushikiste\Desktop\beathiphoplol.mp3 [2010.06.21 17:53:53 | 000,384,160 | ---- | C] () -- C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).sfk [2010.06.21 17:47:04 | 000,025,194 | ---- | C] () -- C:\Users\sushikiste\Desktop\saftig.jpg [2010.06.20 22:42:19 | 000,023,976 | ---- | C] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi.sfk [2010.06.20 22:41:12 | 447,565,544 | ---- | C] () -- C:\Users\sushikiste\Documents\Wow 2010-06-20 22-41-12-53.avi [2010.06.18 14:07:22 | 000,000,600 | ---- | C] () -- C:\Users\sushikiste\Documents\Standard.sfvidcap [2010.06.16 23:22:37 | 000,022,496 | ---- | C] () -- C:\Users\sushikiste\Desktop\lolol.sfk [2010.06.16 23:22:25 | 002,871,340 | ---- | C] () -- C:\Users\sushikiste\Desktop\lolol.wav [2010.06.16 23:09:15 | 006,341,539 | ---- | C] () -- C:\Users\sushikiste\Desktop\joshasascha.wmv [2010.06.16 20:51:05 | 001,177,289 | ---- | C] () -- C:\Users\sushikiste\Desktop\peaceisalie.mp3 [2010.06.16 17:26:13 | 038,965,292 | ---- | C] () -- C:\Users\sushikiste\Desktop\Inner Circle - Sweat [A la la la la long] (Instrumental).wav [2010.06.16 16:54:13 | 049,164,332 | ---- | C] () -- C:\Users\sushikiste\Desktop\Hip hop Beat in Fl studio 8 (Free MP3 Download).wav [2010.06.15 00:04:38 | 002,042,465 | ---- | C] () -- C:\Users\sushikiste\Desktop\epictest.mp3 [2010.06.13 18:57:30 | 000,000,712 | ---- | C] () -- C:\Users\sushikiste\Desktop\Audacity.lnk [2010.06.13 18:53:43 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2010.06.13 18:35:10 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.06.13 18:35:09 | 000,139,152 | ---- | C] () -- C:\Users\sushikiste\AppData\Roaming\PnkBstrK.sys [2010.06.13 18:34:54 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.06.13 18:34:52 | 000,794,408 | 
---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.06.13 18:34:52 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.06.11 22:32:51 | 000,000,606 | ---- | C] () -- C:\Users\sushikiste\Desktop\Wow - Verknüpfung.lnk [2010.06.10 21:37:55 | 005,293,527 | ---- | C] () -- C:\Users\sushikiste\Desktop\LoLRoflcopteR.wmv [2010.06.10 21:36:38 | 000,345,603 | ---- | C] () -- C:\Users\sushikiste\Desktop\LolRofl.wma [2010.06.04 19:17:58 | 000,001,032 | ---- | C] () -- C:\Users\sushikiste\Desktop\DVDVideoSoft Free Studio.lnk [2010.06.04 19:10:29 | 000,198,520 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi.sfk [2010.06.04 19:02:08 | 2935,082,064 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-04 19-02-08-95.avi [2010.06.01 22:10:16 | 868,713,536 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 22-10-16-74.avi [2010.06.01 00:17:03 | 3102,811,456 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-17-03-84.avi [2010.06.01 00:11:20 | 3414,904,832 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-11-20-69.avi [2010.06.01 00:10:11 | 682,331,048 | ---- | C] () -- C:\Users\sushikiste\Documents\League of Legends 2010-06-01 00-10-11-06.avi [2010.05.30 18:43:01 | 000,396,280 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi.sfk [2010.05.30 07:40:48 | 3355,544,680 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-40-48-81.avi [2010.05.30 07:37:39 | 4195,460,336 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-37-39-94.avi [2010.05.30 07:25:14 | 391,843,272 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-25-14-96.avi [2010.05.30 07:20:33 | 4195,222,904 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-20-33-37.avi [2010.05.30 07:15:45 | 4195,088,192 | ---- | C] () -- 
C:\Users\sushikiste\Documents\medieval2 2010-05-30 07-15-45-84.avi [2010.05.30 04:33:00 | 615,926,080 | ---- | C] () -- C:\Users\sushikiste\Documents\medieval2 2010-05-30 04-33-00-22.avi [2010.05.29 22:41:24 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk [2010.05.29 22:17:52 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.05.29 22:14:49 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.27 23:59:39 | 000,012,520 | ---- | C] () -- C:\Users\sushikiste\Documents\lol.mp3.sfk [2010.05.27 23:58:42 | 000,145,030 | ---- | C] () -- C:\Users\sushikiste\Documents\lol.mp3 [2010.05.27 23:58:13 | 000,000,802 | ---- | C] () -- C:\Users\sushikiste\Desktop\Audio Recorder Pro.lnk [2010.04.22 10:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\I531_1013.INI [2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream < End of report > Geändert von Randi (24.06.2010 um 14:10 Uhr) |
24.06.2010, 14:11 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Icq Virus 'Schau dir das Bild mal an :D' Have you removed all the findings?
__________________ Please always post log files in CODE tags |
24.06.2010, 14:12 | #8 |
| Icq Virus 'Schau dir das Bild mal an :D' Just done. Restarting the PC now first. |
24.06.2010, 15:31 | #9 |
| Icq Virus 'Schau dir das Bild mal an :D' Since the restart everything seems to be OK, and the .exe files (e.g. ypr.exe) that always consisted of three letters are gone from my AppData/Local/Temp folder and no longer reappear. Does the rest of the log files look okay so far? If so, many thanks. |
24.06.2010, 15:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Icq Virus 'Schau dir das Bild mal an :D' Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
PRC - [2010.06.24 14:04:56 | 000,176,128 | ---- | M] () -- C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe
PRC - [2010.06.23 19:33:05 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
O4 - HKCU..\Run: [EBUNWVLUMV] C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe ()
O4 - HKCU..\Run: [Halo2] C:\Benutzer\sushikiste\AppData\Local\Temp\sshnas21.dll File not found
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
:Files
C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe
C:\Users\Public\winvsrnc.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
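As an added example (not code from this thread, from OTL or from the helper), here is a small Python triage script that applies the reasoning behind the fix above to OTL O4/PRC lines: it flags Run entries and processes that start from %TEMP% or C:\Users\Public, carry no publisher, have hidden/system attributes (the RHS- on winvsrnc.exe), or point at a file that no longer exists (the orphaned Halo2 key). The sample log is constructed from lines quoted in this thread; the heuristics are my assumptions, not an OTL feature.

```python
"""Added triage helper for OTL autorun (O4) and running-process (PRC) lines.

Assumption: the heuristics below are my own, modelled on what the helper in
this thread acted on; OTL itself does no such scoring.
"""
import re
from typing import Dict, List, Optional

# O4 - HKCU..\Run: [EBUNWVLUMV] C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe ()
O4_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# PRC - [2010.06.23 19:33:05 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
PRC_RE = re.compile(
    r"^PRC - \[(?P<mtime>[^|]+) \| (?P<size>[^|]+) \| (?P<attr>[^|]+) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# "<path> (<company>)"; an empty "()" means OTL found no version/company info.
COMPANY_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")

# Directories a legitimate Run entry almost never points at (assumption,
# tuned to this thread: %TEMP% and the shared Public profile).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\windows\\temp\\")


def _reasons(path: str, company: Optional[str], attr: str = "") -> List[str]:
    """Score one entry; an empty list means nothing stood out."""
    reasons = []
    low = path.lower()
    in_bad_dir = any(d in low for d in SUSPICIOUS_DIRS)
    if in_bad_dir:
        reasons.append("runs from a temp/public directory")
    if company == "":
        reasons.append("no publisher/company name")
    # The worm dropped files such as Yfr.exe: three random letters in %TEMP%.
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if in_bad_dir and len(stem) <= 3 and stem.isalpha():
        reasons.append("short random-looking file name")
    if "H" in attr or "S" in attr:  # RHS- : read-only, hidden, system
        reasons.append("hidden/system attributes")
    return reasons


def triage_otl(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per O4/PRC line that trips at least one heuristic."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("File not found"):
                # Orphaned Run key: the dropper is gone but the key remains.
                path = rest[: -len("File not found")].strip()
                reasons = _reasons(path, None) + ["target file missing (orphaned Run key)"]
            else:
                cm = COMPANY_RE.match(rest)
                path, company = (cm.group("path"), cm.group("company")) if cm else (rest, None)
                reasons = _reasons(path, company)
            if reasons:
                findings.append({"kind": "O4", "name": m.group("name").strip(),
                                 "path": path, "reasons": reasons})
            continue
        m = PRC_RE.match(line)
        if m:
            path = m.group("path")
            reasons = _reasons(path, m.group("company"), m.group("attr"))
            if reasons:
                findings.append({"kind": "PRC", "name": path.rsplit("\\", 1)[-1],
                                 "path": path, "reasons": reasons})
    return findings


# Constructed sample: lines quoted from the logs in this thread.
SAMPLE_LOG = r"""
PRC - [2010.06.24 14:04:56 | 000,176,128 | ---- | M] () -- C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe
PRC - [2010.06.23 19:33:05 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [EBUNWVLUMV] C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe ()
O4 - HKCU..\Run: [Halo2] C:\Benutzer\sushikiste\AppData\Local\Temp\sshnas21.dll File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
"""

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"{f['kind']:3} {f['name']:<24} {f['path']}\n    -> {', '.join(f['reasons'])}")
```

Run against a full OTL log the script prints only the five entries the helper put into the fix; the legitimate avgnt and ICQ entries produce no finding.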
24.06.2010, 15:39 | #11 |
| Icq Virus 'Schau dir das Bild mal an :D' Here is the new log file: Code:
All processes killed
========== OTL ==========
No active process named Yfr.exe was found!
No active process named winvsrnc.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EBUNWVLUMV not found.
File C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Updates not found.
File C:\Users\Public\winvsrnc.exe not found.
========== FILES ==========
File\Folder C:\Users\SUSHIK~1\AppData\Local\Temp\Yfr.exe not found.
File\Folder C:\Users\Public\winvsrnc.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: sushikiste
->Temp folder emptied: 703035 bytes
->Temporary Internet Files folder emptied: 1442780 bytes
->Flash cache emptied: 43113 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86216 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
OTL by OldTimer - Version 3.2.7.0 log created on 06242010_163604
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
24.06.2010, 15:41 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Icq Virus 'Schau dir das Bild mal an :D' OK. Please do one more run with CF: ComboFix  A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!
24.06.2010, 16:01 | #13 |
| Icq Virus 'Schau dir das Bild mal an :D' So, here is my ComboFix log file: Code:
Combofix Logfile: |
24.06.2010, 19:12 | #14 |
| Icq Virus 'Schau dir das Bild mal an :D' Is everything OK now? I'm a bit confused because I haven't had a reply for 3 hours. It could be that my thread got lost or something. By the way, what is the policy on double posts here? |
24.06.2010, 20:18 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Icq Virus 'Schau dir das Bild mal an :D' Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!