Pests of all kinds and how to fight them: win32/renos.MQ (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
07.08.2010, 15:12 | #1

win32/renos.MQ

Hello first of all. Since this morning (4:00 a.m.) I keep getting a message from Windows Defender saying I am infected with win32/renos.mq. After several attempts to remove it I also tried quarantining it, equally without success. What can I do? So far I have tried a full scan with AntiVir (without success). I also started TuneUp and looked at what is set to start automatically, and two entries caught my eye: it starts ydl (whatever that is) and a WinZip 7 Power Archive (wasn't there before). After a Google search, reformatting was recommended several times. I have an external drive attached, that one too?? And can I do a data backup??
07.08.2010, 15:19 | #2

Malware-holic | win32/renos.MQ

You can do a data backup, depending on the situation. Do you do online banking or anything similar?

I'd still like to take a look. OTL: system scan with OTL.
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both logs.
07.08.2010, 15:46 | #3

win32/renos.MQ

No online banking.

Here is the extras.txt. OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.08.2010 16:22:54 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Shargan.Immolatus\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,53 Gb Total Space | 69,80 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 199,85 Gb Free Space | 42,91% Space Free | Partition Type: NTFS

Computer Name: IMMOLATUS
Current User Name: Shargan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2805695796-2745399140-4180009984-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D5EFC5-EB83-4A2A-80D1-858D4658CB17}" = protocol=17 | dir=in | app=c:\spiele\r6vegas2\binaries\r6vegas2_launcher.exe |
"{09607472-2EF3-42AB-9CC7-863AA3722B70}" = protocol=6 | dir=in | app=c:\spiele\r6vegas2\binaries\r6vegas2_launcher.exe |
"{11A148B8-D8DA-430B-A97D-23A2E6EF2104}" = protocol=17 | dir=in | app=c:\spiele\left4dead\steamapps\common\aliens vs predator\avp.exe |
"{14AE9536-B640-4045-9EFC-8EA4ABD2DCCA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1D398CB1-0389-4375-85F9-C7901D9F8FCB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{281B0F68-1D29-4611-9C35-6C0778D28D3E}" = protocol=17 | dir=in | app=c:\spiele\left4dead\steamapps\common\dawn of war 2\dow2.exe |
"{2DF56438-B783-45DC-B31A-4D7B729FA707}" = protocol=6 | dir=in | app=c:\spiele\left4dead\steamapps\common\aliens vs predator\avp_launcher.exe |
"{33115557-E3C1-46CA-B72F-2BD95D227B72}" = protocol=6 | dir=in | app=c:\spiele\r6vegas2\binaries\r6vegas2_game.exe |
"{33E2A0E5-47D8-404F-B998-C90C7578953E}" = protocol=17 | dir=in | app=c:\spiele\dragon age\daoriginslauncher.exe |
"{34BA5B8B-F113-4E91-8046-B3636FCE3554}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{354F0F10-6520-44B5-A5CC-67181D02BD02}" = protocol=17 | dir=in | app=c:\spiele\aoe3\age3y.exe |
"{3B1133A1-7B56-482C-AD63-88650DDF6C18}" = protocol=17 | dir=in | app=c:\spiele\left4dead\steamapps\common\aliens vs predator\avp_launcher.exe |
"{429053B4-96D9-43A5-A6C3-92565C737A49}" = protocol=6 | dir=in | app=c:\spiele\left4dead\steamapps\common\left 4 dead\left4dead.exe |
"{51947FA6-D4ED-4C6A-9079-0D512839F6C5}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{59EEE45B-0586-4602-9A1D-C6EDDF768CD6}" = dir=in | app=c:\spiele\command & conquer 3\retailexe\1.0\cnc3game.dat |
"{5EED6D82-B818-401B-BD4D-3FC6624A9104}" = protocol=6 | dir=in | app=c:\spiele\dragon age\bin_ship\daupdatersvc.service.exe |
"{643086F3-B40C-47B0-B1AA-DF6AEF5ECFA6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{6628992D-2EC3-4423-B863-204851F01605}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{66AE279B-5A7A-4C79-B9AC-A7CE88264510}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{73C57D23-D6B7-4CB0-B3C7-9E5009500A69}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe |
"{76E222E4-A225-4244-AC0D-565D6880A977}" = protocol=6 | dir=in | app=c:\spiele\left4dead\steamapps\common\aliens vs predator\avp_dx11.exe |
"{7C9FBA9E-EA8A-45AF-842C-ABC0A58427F6}" = protocol=6 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe |
"{8D3E0AF3-D3A9-4CBA-9895-9D68978800A7}" = protocol=17 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe |
"{8DD252E7-495B-400F-8EBE-589DE3C859C3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{95694856-36B3-4325-87D3-02EC54E2B4A3}" = protocol=17 | dir=in | app=c:\spiele\sacred 2 - fallen angel\system\s2gs.exe |
"{972C7525-F3EA-4ADE-AF44-03405750BA18}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{990E2CD3-5227-4970-A036-8107F31EB2DC}" = protocol=17 | dir=in | app=c:\spiele\r6vegas2\binaries\r6vegas2_game.exe |
"{A5085C98-D44F-4691-8105-EE7D05F7E057}" = protocol=17 | dir=in | app=c:\spiele\left4dead\steamapps\common\aliens vs predator\avp_dx11.exe |
"{AA3C8404-973E-43A8-8B59-53E25F8A9900}" = protocol=6 | dir=in | app=c:\spiele\dragon age\daoriginslauncher.exe |
"{B03C56FB-844E-41C1-9D79-290D250524AE}" = protocol=17 | dir=in | app=c:\spiele\left4dead\steamapps\common\left 4 dead\left4dead.exe |
"{B3AEA3DD-2CE3-4F3F-BE65-BC284879CC6E}" = protocol=6 | dir=in | app=c:\spiele\sacred 2 - fallen angel\system\s2gs.exe |
"{B914CFE0-3AF7-40F1-BC46-DBE92EFEE3EE}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe |
"{C18C4B81-7B05-4E8C-A7F7-6007DD3A0338}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{C52DB1D5-624E-43F2-B0A7-2E9F207EB8A3}" = protocol=6 | dir=in | app=c:\spiele\left4dead\steamapps\common\aliens vs predator\avp.exe |
"{C57B18E0-B6AA-48FF-B3D7-9378078D7A93}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D77847D4-4520-4175-9934-4F3D3454BC96}" = protocol=6 | dir=in | app=c:\spiele\left4dead\steamapps\common\dawn of war 2\dow2.exe |
"{DBEF6C52-1418-4719-996F-F096920DE26C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0B7A6D4-946C-4F39-AE8A-5B351EBB8C48}" = protocol=17 | dir=in | app=c:\spiele\dragon age\bin_ship\daupdatersvc.service.exe |
"{E2AECE61-8902-4579-80AC-69336574E7DE}" = protocol=17 | dir=in | app=c:\spiele\sacred 2 - fallen angel\system\sacred2.exe |
"{ED595F45-50B1-4121-822F-AD107ED91E79}" = protocol=6 | dir=in | app=c:\spiele\sacred 2 - fallen angel\system\sacred2.exe |
"{F47105BB-50BC-4969-B0F3-535F12A5D839}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F7370B4C-0E9C-4041-AC56-14F480DEB5F3}" = protocol=6 | dir=in | app=c:\spiele\aoe3\age3y.exe |
"{FBE1E119-E601-49CE-A016-B26B988AD6C3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{FC040FB2-47DB-4149-B487-CE30593C0FE2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"TCP Query User{18D21812-6EC6-430D-9FA1-6BA5AE85242C}C:\spiele\left4dead\steam.exe" = protocol=6 | dir=in | app=c:\spiele\left4dead\steam.exe |
"TCP Query User{1A77C3CA-0994-4EDD-A73F-5562FDA2B214}C:\spiele\anno1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\spiele\anno1404\tools\anno4web.exe |
"TCP Query User{1C83264D-BB92-4C4D-AC02-00BA9003A6AD}C:\spiele\splinter cell\system\splintercell3.exe" = protocol=6 | dir=in | app=c:\spiele\splinter cell\system\splintercell3.exe |
"TCP Query User{44A3BA02-1501-4292-BFD7-B898A5085433}I:\eve\bin\exefile.exe" = protocol=6 | dir=in | app=i:\eve\bin\exefile.exe |
"TCP Query User{5B38389D-CDD5-4B79-BB37-9FC5EDED6521}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5C50F150-BB5A-42EA-B169-2376AD83C1DA}C:\spiele\mtk\mtx.exe" = protocol=6 | dir=in | app=c:\spiele\mtk\mtx.exe |
"TCP Query User{5F7DAA1E-6D50-4868-8DAA-B6A4500DC611}C:\spiele\anno1701\anno1701.exe" = protocol=6 | dir=in | app=c:\spiele\anno1701\anno1701.exe |
"TCP Query User{63548E3A-9C93-4771-8A69-1991AB2EDC85}C:\spiele\alarmstufe rot 3\data\ra3_1.0.game" = protocol=6 | dir=in | app=c:\spiele\alarmstufe rot 3\data\ra3_1.0.game |
"TCP Query User{7D9C0C7E-B38C-4C44-80EA-B227F0464064}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{9215F8AC-C9A2-46A2-8E53-C37396E39F8D}C:\spiele\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe |
"TCP Query User{A200F425-E19E-4405-AB5D-8DF15A9DEE4D}C:\spiele\bg\bgmain.exe" = protocol=6 | dir=in | app=c:\spiele\bg\bgmain.exe |
"TCP Query User{BD8EDCD2-681E-4F57-8532-BEF65CA874B8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{136F2609-4CA4-49F6-8BE3-B8498C1850E0}C:\spiele\anno1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\spiele\anno1404\tools\anno4web.exe |
"UDP Query User{2997D3A9-D8C1-4D96-9741-BD2ABD32149E}C:\spiele\alarmstufe rot 3\data\ra3_1.0.game" = protocol=17 | dir=in | app=c:\spiele\alarmstufe rot 3\data\ra3_1.0.game |
"UDP Query User{357CEC6B-51E2-4CA3-ACEF-8300A51CC248}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{38C6E472-B787-4F70-84CB-86F8C83F6144}I:\eve\bin\exefile.exe" = protocol=17 | dir=in | app=i:\eve\bin\exefile.exe |
"UDP Query User{4730B813-52BB-4E8C-A7F3-9A2EF6F921ED}C:\spiele\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe |
"UDP Query User{551FBF83-80EC-45AA-997E-8F0B33EC3568}C:\spiele\bg\bgmain.exe" = protocol=17 | dir=in | app=c:\spiele\bg\bgmain.exe |
"UDP Query User{84113741-4858-48E9-AAA3-A37F2B699055}C:\spiele\left4dead\steam.exe" = protocol=17 | dir=in | app=c:\spiele\left4dead\steam.exe |
"UDP Query User{84D61568-B877-4A8E-8084-50BC6AB91305}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8642348D-F6C8-4949-A8CB-78D0B6543C15}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9D82DF26-29AA-4E62-867E-AA6F48F5A75D}C:\spiele\mtk\mtx.exe" = protocol=17 | dir=in | app=c:\spiele\mtk\mtx.exe |
"UDP Query User{C589C5CF-F6A5-41CA-9CCE-5F7A3CA186AD}C:\spiele\anno1701\anno1701.exe" = protocol=17 | dir=in | app=c:\spiele\anno1701\anno1701.exe |
"UDP Query User{EED876C5-8025-4B0D-BCA0-B4744889B82A}C:\spiele\splinter cell\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\spiele\splinter cell\system\splintercell3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18039280-98B7-4C5E-AAC0-10EBC9731031}" = Nero 7 Essentials
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{440002B9-AB9A-48C2-88F8-409BFC7AB75F}" = EveHQ
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D91F8B1-6520-4D1A-91E9-56D53E0DA2A3}" = Alienware AlienFX
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King’s Bounty: The Legend (Nur entfernen)
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Able RAWer_is1" = Able RAWer 1.4.9.30
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic
"AlienRespawn20_AD" = AlienRespawn v2.0
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Baldur's Gate" = Baldur's Gate
"Black Mirror 2_is1" = Black Mirror 2
"CD Audio MP3 Converter" = CD Audio MP3 Converter
"Conquest: Frontier Wars 1.00" = Conquest: Frontier Wars
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_is1" = Drakensang
"EVE" = EVE Online (remove only)
"ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter
"InstallShield_{8D91F8B1-6520-4D1A-91E9-56D53E0DA2A3}" = Alienware AlienFX
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Jagged Alliance 2" = Jagged Alliance 2
"Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business
"Lula 3D - Demo" = Lula 3D - Demo
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OPERATION7" = OPERATION7
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft II" = StarCraft II
"Steam App 10680" = Aliens vs Predator
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 500" = Left 4 Dead
"SystemRequirementsLab" = System Requirements Lab
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.0-rc2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.07.2010 14:18:00 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.07.2010 05:49:23 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.07.2010 05:49:23 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.07.2010 19:25:38 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.07.2010 19:25:38 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.07.2010 08:59:14 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.07.2010 08:59:14 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.07.2010 16:01:20 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.07.2010 16:01:20 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.07.2010 16:05:25 | Computer Name = Immolatus | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NeroStartSmart.exe, Version 3.5.5.0, Zeitstempel 0x451d82a6, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x000347b8, Prozess-ID 0x7e4, Anwendungsstartzeit 01cb3022888603b3.
[ System Events ]
Error - 15.07.2009 09:00:59 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 15.07.2009 15:18:36 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 16.07.2009 07:44:40 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 16.07.2009 10:03:33 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 16.07.2009 13:53:17 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 16.07.2009 15:57:21 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 17.07.2009 16:00:03 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 17.07.2009 18:22:17 | Computer Name = Immolatus | Source = Schannel | ID = 36874
Description = Eine SSL-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, aber keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, werden vom Server unterstützt. Die SSL-Verbindungsanforderung ist fehlgeschlagen.

Error - 18.07.2009 07:02:24 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =

Error - 18.07.2009 12:03:18 | Computer Name = Immolatus | Source = HTTP | ID = 15016
Description =


< End of report >
Query User{EED876C5-8025-4B0D-BCA0-B4744889B82A}C:\spiele\splinter cell\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\spiele\splinter cell\system\splintercell3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143 "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{18039280-98B7-4C5E-AAC0-10EBC9731031}" = Nero 7 Essentials "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{440002B9-AB9A-48C2-88F8-409BFC7AB75F}" = EveHQ "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8D91F8B1-6520-4D1A-91E9-56D53E0DA2A3}" = Alienware AlienFX "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King’s Bounty: The Legend (Nur entfernen) "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable "{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Able RAWer_is1" = Able RAWer 1.4.9.30 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic "AlienRespawn20_AD" = AlienRespawn v2.0 "Audiograbber" = 
Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Baldur's Gate" = Baldur's Gate "Black Mirror 2_is1" = Black Mirror 2 "CD Audio MP3 Converter" = CD Audio MP3 Converter "Conquest: Frontier Wars 1.00" = Conquest: Frontier Wars "DivX Setup.divx.com" = DivX-Setup "Drakensang_is1" = Drakensang "EVE" = EVE Online (remove only) "ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter "InstallShield_{8D91F8B1-6520-4D1A-91E9-56D53E0DA2A3}" = Alienware AlienFX "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "Jagged Alliance 2" = Jagged Alliance 2 "Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business "Lula 3D - Demo" = Lula 3D - Demo "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mount&Blade" = Mount&Blade "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OPERATION7" = OPERATION7 "PowerStrip 3 (remove only)" = PowerStrip 3 (remove only) "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "softonic-de3 Toolbar" = softonic-de3 Toolbar "StarCraft II" = StarCraft II "Steam App 10680" = Aliens vs Predator "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II "Steam App 500" = Left 4 Dead "SystemRequirementsLab" = System Requirements Lab "TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 1.0.0-rc2 "Winamp" = Winamp "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.07.2010 14:18:00 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.07.2010 05:49:23 | Computer Name = Immolatus | Source = 
Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.07.2010 05:49:23 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.07.2010 19:25:38 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.07.2010 19:25:38 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.07.2010 08:59:14 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.07.2010 08:59:14 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.07.2010 16:01:20 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.07.2010 16:01:20 | Computer Name = Immolatus | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.07.2010 16:05:25 | Computer Name = Immolatus | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung NeroStartSmart.exe, Version 3.5.5.0, Zeitstempel 0x451d82a6, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x000347b8, Prozess-ID 0x7e4, Anwendungsstartzeit 01cb3022888603b3. 
[ System Events ] Error - 15.07.2009 09:00:59 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 15.07.2009 15:18:36 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 16.07.2009 07:44:40 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 16.07.2009 10:03:33 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 16.07.2009 13:53:17 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 16.07.2009 15:57:21 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 17.07.2009 16:00:03 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 17.07.2009 18:22:17 | Computer Name = Immolatus | Source = Schannel | ID = 36874 Description = Eine SSL-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, aber keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, werden vom Server unterstützt. Die SSL-Verbindungsanforderung ist fehlgeschlagen. Error - 18.07.2009 07:02:24 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = Error - 18.07.2009 12:03:18 | Computer Name = Immolatus | Source = HTTP | ID = 15016 Description = < End of report > |
07.08.2010, 15:48 | #4 |
| win32/renos.MQ Sorry, I posted the Extras twice. Here is the OTL.txt as well. OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.08.2010 16:22:54 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Shargan.Immolatus\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 458,53 Gb Total Space | 69,80 Gb Free Space | 15,22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 465,76 Gb Total Space | 199,85 Gb Free Space | 42,91% Space Free | Partition Type: NTFS Computer Name: IMMOLATUS Current User Name: Shargan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Shargan.Immolatus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) 
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) PRC - C:\Programme\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe (Alienware Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (SafeList) ========== MOD - C:\Users\Shargan.Immolatus\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (DAUpdaterSvc) -- C:\spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - 
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) 
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = German-bash.org - Krasse Chat-Zitate/Quotes (IRC + IM) - Die letzten 50 Zitate [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Warhammer Online IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 DD 29 5C 16 E2 C9 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (TBSB00982 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll () O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Programme\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll () O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Programme\Antbar\Ant.com Toolbar\tbu08610\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe (Alienware Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) 
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://www.fiaa.eu/OPLauncher.cab (Perparer Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4bde3ce2-9c3a-11dc-b2d9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4bde3ce2-9c3a-11dc-b2d9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\StartUp.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not 
found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group 
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010.08.07 16:18:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Shargan.Immolatus\Desktop\OTL.exe
[2010.08.07 01:48:44 | 000,202,752 | ---- | C] (ConeXware, Inc.) -- C:\Windows\Yfajea.exe
[2010.08.07 01:48:34 | 000,255,488 | ---- | C] (ConeXware, Inc.) -- C:\Windows\System32\sshnas21.dll
[2010.08.03 10:48:58 | 000,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer
[2010.07.30 23:53:21 | 705,764,427 | ---- | C] (Macrovision Corporation) -- C:\Users\Shargan.Immolatus\Desktop\setup-1.46.0.3.exe
[2010.07.30 15:02:16 | 000,000,000 | ---D | C] -- C:\Users\Shargan.Immolatus\Documents\StarCraft II
[2010.07.30 15:02:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.07.30 15:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.19 01:42:22 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[2010.07.19 01:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.07.16 21:52:31 | 000,000,000 | ---D | C] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DivX
[2010.07.16 21:52:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.07.16 21:46:33 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.07.16 21:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.07.16 03:40:59 | 000,000,000 | ---D | C] -- C:\Lula 3D - Demo
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.07 16:24:00 | 002,621,440 | -HS- | M] () -- C:\Users\Shargan.Immolatus\ntuser.dat
[2010.08.07 16:18:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Shargan.Immolatus\Desktop\OTL.exe
[2010.08.07 16:18:13 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.07 16:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.07 15:56:14 | 000,108,032 | ---- | M] () -- C:\Users\Shargan.Immolatus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 15:33:01 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 15:14:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 15:14:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 15:14:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.07 15:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.07 15:13:59 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.07 15:12:33 | 000,524,288 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 15:12:33 | 000,065,536 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.07 15:12:01 | 004,711,124 | -H-- | M] () -- C:\Users\Shargan.Immolatus\AppData\Local\IconCache.db
[2010.08.07 01:48:38 | 000,202,752 | ---- | M] (ConeXware, Inc.) -- C:\Windows\Yfajea.exe
[2010.08.07 01:48:34 | 000,255,488 | ---- | M] (ConeXware, Inc.) -- C:\Windows\System32\sshnas21.dll
[2010.08.03 11:27:13 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000E3E.LCS
[2010.07.30 23:55:04 | 705,764,427 | ---- | M] (Macrovision Corporation) -- C:\Users\Shargan.Immolatus\Desktop\setup-1.46.0.3.exe
[2010.07.30 18:25:43 | 000,524,288 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 20:35:12 | 365,320,192 | ---- | M] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e16.avi
[2010.07.21 02:16:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.19 01:42:22 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[2010.07.18 23:12:53 | 367,532,032 | ---- | M] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e15.avi
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.07 03:57:28 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.07 01:48:44 | 000,000,304 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 01:48:39 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.07.29 13:36:13 | 365,320,192 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e16.avi
[2010.07.28 22:53:23 | 367,532,032 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e15.avi
[2010.07.21 02:50:18 | 047,904,532 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\WAR_Cinematic2_640x360.wmv
[2010.07.21 02:50:11 | 038,054,556 | ---- | C] () -- C:\Users\Shargan.Immolatus\Desktop\WAR_cinematic_640x360.wmv
[2010.02.09 16:58:54 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.20 17:18:42 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009.10.15 01:58:55 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.09.24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.20 16:14:48 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.06 01:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009.06.28 21:38:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.06.10 21:40:29 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.10 21:40:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.29 19:27:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009.11.03 02:07:28 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.09.20 23:05:45 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DAEMON Tools Lite
[2010.06.26 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\EveHQ
[2009.07.05 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Mount&Blade
[2009.08.17 11:00:37 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Nokia
[2009.08.17 10:59:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\PC Suite
[2010.01.03 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\ProtectDisc
[2009.11.03 00:33:48 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Red Alert 3
[2010.07.18 02:36:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TS3Client
[2009.05.26 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TuneUp Software
[2009.07.03 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Ubisoft
[2009.10.12 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\VistaCodecs
[2010.08.07 16:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.08.07 15:12:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.07 15:33:01 | 000,000,304 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 16:18:13 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.05.28 02:32:15 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Adobe
[2010.06.23 21:52:25 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Ahead
[2009.11.03 02:07:28 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.06.25 02:06:56 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\CyberLink
[2009.09.20 23:05:45 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DAEMON Tools Lite
[2010.07.21 02:16:05 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DivX
[2010.02.22 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\dvdcss
[2010.06.26 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\EveHQ
[2010.03.06 20:43:16 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Hamachi
[2009.05.25 21:32:21 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Identities
[2009.05.27 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Media Center Programs
[2010.07.28 23:56:04 | 000,000,000 | --SD | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft
[2009.07.05 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Mount&Blade
[2010.02.26 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Mozilla
[2009.08.17 11:00:37 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Nokia
[2009.08.17 10:59:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\PC Suite
[2010.01.03 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\ProtectDisc
[2009.10.12 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Real
[2009.11.03 00:33:48 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Red Alert 3
[2009.10.30 17:16:18 | 000,000,000 | RH-D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\SecuROM
[2010.08.02 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Skype
[2010.08.02 16:01:18 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\skypePM
[2010.07.18 02:36:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TS3Client
[2009.05.26 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TuneUp Software
[2009.07.03 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Ubisoft
[2009.10.12 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\VistaCodecs
[2010.08.07 02:02:35 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\vlc
[2010.07.21 02:15:30 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Winamp
[2009.06.29 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.06.26 02:22:36 | 000,025,600 | ---- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\EveHQ\Updater\EveHQPatcher.exe
[2010.04.15 02:30:56 | 000,003,638 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{440002B9-AB9A-48C2-88F8-409BFC7AB75F}\_6FEFF9B68218417F98F549.exe
[2010.04.15 02:30:56 | 000,003,638 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{440002B9-AB9A-48C2-88F8-409BFC7AB75F}\_B7215C4540D2525642ACAA.exe
[2010.04.15 02:30:56 | 000,003,638 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{440002B9-AB9A-48C2-88F8-409BFC7AB75F}\_D4964CC497D1B9A699870B.exe
[2010.02.26 18:28:37 | 000,026,582 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{6583D00E-0924-4950-8BE9-5D09FE70B333}\_A1581DB18CFA3686826265.exe
[2010.02.26 18:28:37 | 000,026,582 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{6583D00E-0924-4950-8BE9-5D09FE70B333}\_B16563C2DBC78DF677E89C.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.05.26 19:19:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.05.26 19:19:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.05.26 19:19:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007.11.26 11:28:49 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.11.26 11:28:49 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.09.20 16:14:48 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 749 bytes -> C:\Users\Shargan.Immolatus\Documents\Bestellung vom 29_10_2009, Grundlagen des Westernreitens_Verena.eml:OECustomProperty

< End of report >

[2010.08.07 16:33:21 | 002,621,440 | -HS- | M] () -- C:\Users\Shargan.Immolatus\ntuser.dat
[2010.08.07 16:33:01 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 16:18:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Shargan.Immolatus\Desktop\OTL.exe
[2010.08.07 16:18:13 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.07 16:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.07 15:56:14 | 000,108,032 | ---- | M] () -- C:\Users\Shargan.Immolatus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 15:14:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.07 15:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.07 15:12:33 | 000,524,288 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.07 15:12:33 | 000,065,536 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.07 15:12:01 | 004,711,124 | -H-- | M] () -- C:\Users\Shargan.Immolatus\AppData\Local\IconCache.db
[2010.08.07 01:48:38 | 000,202,752 | ---- | M] (ConeXware, Inc.) -- C:\Windows\Yfajea.exe
[2010.08.07 01:48:34 | 000,255,488 | ---- | M] (ConeXware, Inc.) -- C:\Windows\System32\sshnas21.dll
[2010.08.03 11:27:13 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000E3E.LCS
[2010.07.30 23:55:04 | 705,764,427 | ---- | M] (Macrovision Corporation) -- C:\Users\Shargan.Immolatus\Desktop\setup-1.46.0.3.exe
[2010.07.30 18:25:43 | 000,524,288 | -HS- | M] () -- C:\Users\Shargan.Immolatus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 20:35:12 | 365,320,192 | ---- | M] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e16.avi
[2010.07.21 02:16:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.19 01:42:22 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[2010.07.18 23:12:53 | 367,532,032 | ---- | M] () -- C:\Users\Shargan.Immolatus\Desktop\lots-s02e15.avi
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== LOP Check ==========

[2009.11.03 02:07:28 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.09.20 23:05:45 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DAEMON Tools Lite
[2010.06.26 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\EveHQ
[2009.07.05 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Mount&Blade
[2009.08.17 11:00:37 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Nokia
[2009.08.17 10:59:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\PC Suite
[2010.01.03 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\ProtectDisc
[2009.11.03 00:33:48 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Red Alert 3
[2010.07.18 02:36:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TS3Client
[2009.05.26 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TuneUp Software
[2009.07.03 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Ubisoft
[2009.10.12 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\VistaCodecs
[2010.08.07 16:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.08.07 15:12:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.07 16:33:01 | 000,000,304 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 16:18:13 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.05.28 02:32:15 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Adobe
[2010.06.23 21:52:25 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Ahead
[2009.11.03 02:07:28 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.06.25 02:06:56 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\CyberLink
[2009.09.20 23:05:45 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DAEMON Tools Lite
[2010.07.21 02:16:05 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\DivX
[2010.02.22 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\dvdcss
[2010.06.26 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\EveHQ
[2010.03.06 20:43:16 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Hamachi
[2009.05.25 21:32:21 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Identities
[2009.05.27 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Media Center Programs
[2010.07.28 23:56:04 | 000,000,000 | --SD | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft
[2009.07.05 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Mount&Blade
[2010.02.26 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Mozilla
[2009.08.17 11:00:37 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Nokia
[2009.08.17 10:59:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\PC Suite
[2010.01.03 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\ProtectDisc
[2009.10.12 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Real
[2009.11.03 00:33:48 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Red Alert 3
[2009.10.30 17:16:18 | 000,000,000 | RH-D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\SecuROM
[2010.08.02 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Skype
[2010.08.02 16:01:18 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\skypePM
[2010.07.18 02:36:09 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TS3Client
[2009.05.26 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\TuneUp Software
[2009.07.03 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Ubisoft
[2009.10.12 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\VistaCodecs
[2010.08.07 02:02:35 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\vlc
[2010.07.21 02:15:30 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\Winamp
[2009.06.29 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\Shargan.Immolatus\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.06.26 02:22:36 | 000,025,600 | ---- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\EveHQ\Updater\EveHQPatcher.exe
[2010.04.15 02:30:56 | 000,003,638 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{440002B9-AB9A-48C2-88F8-409BFC7AB75F}\_6FEFF9B68218417F98F549.exe
[2010.04.15 02:30:56 | 000,003,638 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{440002B9-AB9A-48C2-88F8-409BFC7AB75F}\_B7215C4540D2525642ACAA.exe
[2010.04.15 02:30:56 | 000,003,638 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{440002B9-AB9A-48C2-88F8-409BFC7AB75F}\_D4964CC497D1B9A699870B.exe
[2010.02.26 18:28:37 | 000,026,582 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{6583D00E-0924-4950-8BE9-5D09FE70B333}\_A1581DB18CFA3686826265.exe
[2010.02.26 18:28:37 | 000,026,582 | R--- | M] () -- C:\Users\Shargan.Immolatus\AppData\Roaming\Microsoft\Installer\{6583D00E-0924-4950-8BE9-5D09FE70B333}\_B16563C2DBC78DF677E89C.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 --
C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sy s [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.05.26 19:19:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2009.05.26 19:19:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2009.05.26 19:19:53 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2007.01.05 21:59:42 | 
000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys [2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.26 11:28:49 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.11.26 11:28:49 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.09.20 16:14:48 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- 
C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 749 bytes -> C:\Users\Shargan.Immolatus\Documents\Bestellung vom 29_10_2009, Grundlagen des Westernreitens_Verena.eml:OECustomProperty < End of report > |
07.08.2010, 16:44 | #5 |
| win32/renos.MQ What does it actually do?? |
07.08.2010, 16:57 | #6 |
/// Malware-holic | win32/renos.MQ If you can do without it, uninstall the Softonic toolbar, and likewise the Ant.com toolbar (TBSB00982Toolbar).

Fix with OTL
• Please start OTL.exe. Vista users: right-click and "Run as administrator".
• Now copy the following into the textbox.

:OTL
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O33 - MountPoints2\{4bde3ce2-9c3a-11dc-b2d9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\StartUp.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010.08.07 01:48:44 | 000,202,752 | ---- | C] (ConeXware, Inc.) -- C:\Windows\Yfajea.exe
[2010.08.07 01:48:34 | 000,255,488 | ---- | C] (ConeXware, Inc.) -- C:\Windows\System32\sshnas21.dll
[2010.08.07 16:18:13 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.07 15:33:01 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.07 15:14:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 15:14:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; please post it.
Please also create and post a combofix log.
A guide and tutorial on using ComboFix |
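As an added example that is not part of the thread, a read-only PowerShell check (run elevated, after the reboot) that reports whether the files, scheduled tasks and registry entries named in the fix script above are actually gone; the file names and registry paths are the ones from the script, and the only assumption is that it runs on the same machine.

```powershell
# Added example, not from the thread: post-fix verification for the OTL fix above.
# It only reads the file system and registry; it deletes nothing.

# Files and scheduled-task jobs the fix script moved (paths taken from the script).
$files = @(
    'C:\Windows\Yfajea.exe',
    'C:\Windows\System32\sshnas21.dll',
    'C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job',
    'C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job'
)

$results = foreach ($f in $files) {
    [pscustomobject]@{
        Item   = $f
        Result = if (Test-Path -LiteralPath $f) { 'STILL PRESENT' } else { 'removed' }
    }
}

# URLSearchHooks: OTL flagged an entry here ("Reg Error: Key error").
# List whatever is still registered so it can be reviewed; legitimate hooks may remain.
$hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path -LiteralPath $hookKey) {
    foreach ($name in (Get-Item -LiteralPath $hookKey).GetValueNames()) {
        $results += [pscustomobject]@{
            Item   = "URLSearchHook value '$name'"
            Result = 'present (review)'
        }
    }
}

# MountPoints2 autorun entry that pointed at D:\StartUp.exe.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bde3ce2-9c3a-11dc-b2d9-806e6f6e6963}'
$results += [pscustomobject]@{
    Item   = 'MountPoints2 {4bde3ce2-...} autorun key'
    Result = if (Test-Path -LiteralPath $mp) { 'STILL PRESENT' } else { 'removed' }
}

# BootExecute: the script removed "autocheck autochk *" because OTL reported
# "File not found". That string is the normal Windows default, so show the
# current content for review rather than treating an empty value as success.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExec = (Get-ItemProperty -LiteralPath $sm -Name BootExecute -ErrorAction SilentlyContinue).BootExecute
$results += [pscustomobject]@{
    Item   = 'BootExecute'
    Result = if ($bootExec) { $bootExec -join ' ; ' } else { 'empty (Windows default is: autocheck autochk *)' }
}

$results | Format-Table -AutoSize
```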
07.08.2010, 17:02 | #7 |
| win32/renos.MQ What is a combofix log? |
07.08.2010, 17:05 | #8 |
/// Malware-holic | win32/renos.MQ If you click the link, you'll see. But work through everything from top to bottom :d |
07.08.2010, 17:44 | #9 |
| win32/renos.MQ So, that took a little while. Windows said it was a copy and I had to enter the key again ???? Here are the logs:
OTL by OldTimer - Version 3.2.9.1 log created on 08072010_180410
and the combofix:
Combofix Logfile: Code:
ComboFix 10-08-06.03 - Shargan 07.08.2010 18:32:26.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2047.1353 [GMT 2:00]
- - End Of File - - |
07.08.2010, 17:58 | #10 |
/// Malware-holic | win32/renos.MQ Hmm, that's odd. Right-click the Avira umbrella icon and disable the Guard. Open My Computer (Computer), go to C:, right-click _OTL there and add it to _OTL.rar or .zip. If that doesn't work, boot into Safe Mode (usually by pressing the F8 key a few times while the PC starts) and try again. Then upload the _otl.rar or .zip to us: file upload: http://www.trojaner-board.de/54791-a...ner-board.html When that's done, please let me know. |
07.08.2010, 18:02 | #11 |
| win32/renos.MQ The problems with Windows only started with ComboFix. On startup it reported that it couldn't run because a virtual drive was running and it would have to switch it off first (temporarily). Then it wanted to reboot, and during that Windows said unauthorized changes had been made and I had to confirm that my Windows is genuine again (the key, that is). |
07.08.2010, 18:08 | #12 |
/// Malware-holic | win32/renos.MQ Ah, OK, then do the following:
Disable CD emulators with DeFogger
You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Because these emulators use rootkit techniques, they can distort and hamper the search for malicious rootkits. For this reason, please either run the following tool to disable them or uninstall the software via Control Panel => Programs and Features. Tell me which option you chose. We can undo the deactivation after the cleanup.
Download http://filepony.de/download-defogger/ and save it to your desktop. Double-click DeFogger to start the tool.
• The tool's program window opens.
• Click the Disable button to disable the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears,
• click OK.
• DeFogger will now ask for a reboot - click OK.
• Post the defogger_disable.log here in the thread.
Do not reactivate the drivers under any circumstances until you are told to. Then ComboFix will run as well. |
07.08.2010, 18:11 | #13 |
| win32/renos.MQ So DeFogger disabled everything (I did have DaemonTools installed, but not activated, at least I thought so). |
07.08.2010, 18:13 | #14 |
| win32/renos.MQ But I didn't have to reboot. I started DeFogger once more just to be sure, but there was no prompt. |
07.08.2010, 18:15 | #15 |
| win32/renos.MQ Before I forget it again:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 07/08/2010 (Shargan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

SPTD -> Already disabled

-=E.O.F=- |
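As an added example (not a tool from this thread, nor part of ComboFix or DeFogger), here is a small Python parser that pulls the driver/service entries out of a ComboFix log in the format posted above and the status lines out of a defogger_disable.log, so a helper can spot CD-emulator drivers such as sptd that need disabling before an anti-rootkit scan. The driver-name list is an assumption; the sample input is constructed from the logs in this thread.

```python
import re

# One ComboFix service/driver line looks like:
#   R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-09-20 721904]
# R/S = running/stopped, then a start-type digit, then name;display name;path [date size].
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]+?)\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# Assumed list of kernel drivers installed by common CD emulators (sptd is the one in the log).
CD_EMULATOR_DRIVERS = {"sptd", "dtsoftbus01"}

def parse_service_line(line):
    """Return a dict for a ComboFix service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["running"] = entry["state"] == "R"
    entry["size"] = int(entry["size"])
    return entry

def find_cd_emulator_drivers(combofix_text):
    """Collect entries whose service name matches a known CD-emulator driver."""
    return [e for e in map(parse_service_line, combofix_text.splitlines())
            if e and e["name"].lower() in CD_EMULATOR_DRIVERS]

def parse_defogger_log(defogger_text):
    """Map driver name -> status from DeFogger's 'Checking for services/drivers' block."""
    states, in_drivers = {}, False
    for line in defogger_text.splitlines():
        line = line.strip()
        if line.startswith("Checking for services/drivers"):
            in_drivers = True
        elif in_drivers and "->" in line:
            name, status = (part.strip() for part in line.split("->", 1))
            states[name] = status
    return states

# Constructed sample input, taken from the logs posted in this thread.
SAMPLE_COMBOFIX = r"""
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-09-20 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-13 108289]
"""
SAMPLE_DEFOGGER = r"""defogger_disable by jpshortstuff (23.02.10.1)
Checking for autostart values...
HKCU\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
"""

if __name__ == "__main__":
    for e in find_cd_emulator_drivers(SAMPLE_COMBOFIX):
        print(f"{e['name']} ({'running' if e['running'] else 'stopped'}): {e['path']}")
    print(parse_defogger_log(SAMPLE_DEFOGGER))
```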