Pests of all kinds and how to fight them: strange music in the browser, trojan? (Windows 7)
08.08.2010, 12:19 | #1 |
strange music in the browser, trojan?

Hi, I've already read through a few threads here from several people who had a problem similar to mine. Some music that I've never heard before just comes out of my speakers, but no combat noise. It's also strange that the music only comes when I'm surfing in the web browser. As soon as the browser is closed, the music is gone too. I ran a few scans with the programs you recommend.

MBRCheck:
PHP Code:

I then deleted this file and, as you described, changed a few settings and ran a new scan.

MBRCheck:
PHP Code:

PHP Code:

OTL Logfile:
Code:
OTL logfile created on: 08.08.2010 12:26:57 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,00 Gb Total Space | 11,31 Gb Free Space | 17,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 400,76 Gb Total Space | 360,70 Gb Free Space | 90,00% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Manuel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
========== Driver Services (SafeList) ==========
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567732
IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.07.21 23:29:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010.06.14 22:30:47 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2010.06.14 22:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
MsConfig:64bit - StartUpFolder: C:^Users^Manuel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe File not found
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= - C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\valve\steam\steam.exe (Valve Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.08.08 03:05:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.08.08 02:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.08.08 02:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.08 02:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.08 01:58:26 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*****\Desktop\mbam-setup.exe
[2010.08.08 01:53:28 | 041,623,735 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Manuel\Desktop\Vista_Win7_R250_x64.exe
[2010.08.04 01:08:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\nHancer
[2010.08.04 01:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2010.08.04 01:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010.08.02 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\CAPCOM
[2010.08.01 03:09:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Risen
[2010.08.01 03:01:35 | 000,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2010.08.01 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Microsoft Games
[2010.07.30 17:19:39 | 000,000,000 | ---D | C] -- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
[2010.07.30 12:50:23 | 000,000,000 | ---D | C] -- C:\Windows\Acronis
[2010.07.30 12:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.07.30 12:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010.07.30 12:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010.07.29 00:26:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010.07.26 22:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.07.26 22:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Germany
[2010.07.26 22:21:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Verlauf
[2010.07.25 14:31:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Override
[2010.07.25 14:04:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\The Witcher
[2010.07.25 13:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.07.25 13:28:57 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.07.25 13:28:57 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.07.25 13:28:52 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.07.25 13:28:52 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.07.25 13:28:48 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.07.25 13:28:48 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.07.25 13:28:43 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.07.25 13:28:43 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.07.25 13:28:43 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.07.25 12:45:56 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\GaHero
[2010.07.25 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Tortured Demo (Roh)
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.08.08 12:27:46 | 002,097,152 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.08.08 12:23:05 | 000,869,051 | ---- | M] () -- C:\Users\*****\Desktop\SecurityCheck.exe
[2010.08.08 12:11:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.08 11:44:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.08 11:44:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.08 11:44:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.08 11:44:29 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.08 03:34:05 | 009,950,663 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.08.08 03:05:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2010.08.08 02:56:50 | 002,672,312 | ---- | M] () -- C:\Users\*****\Desktop\esetsmartinstaller_deu.exe
[2010.08.08 02:55:28 | 000,001,007 | ---- | M] () -- C:\Users\*****\Desktop\CCleaner.lnk
[2010.08.08 02:38:41 | 000,080,384 | ---- | M] () -- C:\Users\*****\Desktop\MBRCheck.exe
[2010.08.08 02:00:05 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.08 01:59:10 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*****\Desktop\mbam-setup.exe
[2010.08.08 01:56:09 | 041,623,735 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\*****\Desktop\Vista_Win7_R250_x64.exe
[2010.08.04 01:08:11 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\nHancer.lnk
[2010.08.01 03:00:54 | 000,000,978 | ---- | M] () -- C:\Users\*****\Desktop\Risen.exe.lnk
[2010.07.30 18:06:22 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Unreal Tournament 3.lnk
[2010.07.30 14:42:10 | 000,000,274 | ---- | M] () -- C:\Windows\game.ini
[2010.07.30 12:48:44 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Acronis*Disk*Director*Home.lnk
[2010.07.26 01:13:15 | 000,008,349 | ---- | M] () -- C:\Users\*****\Documents\Fingeruebung15.gp5
[2010.07.26 01:09:45 | 000,006,829 | ---- | M] () -- C:\Users\*****\Documents\Fingeruebung11.gp5
[2010.07.26 00:40:14 | 000,082,823 | ---- | M] () -- C:\Users\*****\Documents\reflection_ver2.gp3
[2010.07.25 14:31:30 | 004,091,786 | ---- | M] () -- C:\Users\*****\Documents\schwertschlag 3.rar
[2010.07.25 14:21:53 | 000,668,226 | ---- | M] () -- C:\Users\*****\Documents\jData.rar
[2010.07.25 13:24:45 | 958,620,489 | ---- | M] () -- C:\Users\*****\Documents\Gothic_3_Community_Patch_v1.74_Int_Full_b.zip
[2010.07.25 12:43:26 | 000,037,531 | ---- | M] () -- C:\Users\*****\Documents\Tuning-Guide Tool.zip
[2010.07.25 12:40:13 | 000,222,564 | ---- | M] () -- C:\Users\*****\Documents\Gametool4.2.zip
[2010.07.25 00:12:09 | 000,017,148 | -HS- | M] () -- C:\Users\*****\Documents\Folder.jpg
[2010.07.25 00:12:09 | 000,017,148 | -HS- | M] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Large.jpg
[2010.07.25 00:12:09 | 000,005,151 | -HS- | M] () -- C:\Users\*****\Documents\AlbumArtSmall.jpg
[2010.07.25 00:12:09 | 000,005,151 | -HS- | M] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Small.jpg
[2010.07.22 21:46:47 | 002,541,072 | ---- | M] () -- C:\Users\*****\Documents\cfosspeed-x64-v452.exe
[2010.07.10 00:38:00 | 014,092,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.07.10 00:38:00 | 010,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.07.10 00:38:00 | 009,818,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.07.10 00:38:00 | 005,107,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.07.10 00:38:00 | 004,553,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.07.10 00:38:00 | 002,892,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.07.10 00:38:00 | 002,506,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.07.10 00:38:00 | 001,625,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.07.10 00:38:00 | 000,314,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.07.10 00:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.08 12:22:53 | 000,869,051 | ---- | C] () -- C:\Users\*****\Desktop\SecurityCheck.exe
[2010.08.08 02:56:46 | 002,672,312 | ---- | C] () -- C:\Users\*****\Desktop\esetsmartinstaller_deu.exe
[2010.08.08 02:38:41 | 000,080,384 | ---- | C] () -- C:\Users\*****\Desktop\MBRCheck.exe
[2010.08.08 02:00:05 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.04 01:08:11 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\nHancer.lnk
[2010.08.01 03:02:37 | 000,000,978 | ---- | C] () -- C:\Users\*****\Desktop\Risen.exe.lnk
[2010.07.30 18:06:22 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Unreal Tournament 3.lnk
[2010.07.30 14:42:10 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2010.07.30 12:48:44 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Acronis*Disk*Director*Home.lnk
[2010.07.26 01:13:14 | 000,008,349 | ---- | C] () -- C:\Users\*****\Documents\Fingeruebung15.gp5
[2010.07.26 01:09:45 | 000,006,829 | ---- | C] () -- C:\Users\*****\Documents\Fingeruebung11.gp5
[2010.07.26 00:40:14 | 000,082,823 | ---- | C] () -- C:\Users\*****\Documents\reflection_ver2.gp3
[2010.07.25 14:31:26 | 004,091,786 | ---- | C] () -- C:\Users\*****\Documents\schwertschlag 3.rar
[2010.07.25 14:21:53 | 000,668,226 | ---- | C] () -- C:\Users\*****\Documents\jData.rar
[2010.07.25 12:47:01 | 958,620,489 | ---- | C] () -- C:\Users\*****\Documents\Gothic_3_Community_Patch_v1.74_Int_Full_b.zip
[2010.07.25 12:43:26 | 000,037,531 | ---- | C] () -- C:\Users\*****\Documents\Tuning-Guide Tool.zip
[2010.07.25 12:40:13 | 000,222,564 | ---- | C] () -- C:\Users\*****\Documents\Gametool4.2.zip
[2010.07.25 00:12:09 | 000,017,148 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Large.jpg
[2010.07.25 00:12:09 | 000,005,151 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Small.jpg
[2010.07.25 00:11:48 | 000,017,148 | -HS- | C] () -- C:\Users\*****\Documents\Folder.jpg
[2010.07.25 00:11:48 | 000,005,151 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArtSmall.jpg
[2010.07.22 21:46:43 | 002,541,072 | ---- | C] () -- C:\Users\*****\Documents\cfosspeed-x64-v452.exe
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.02 13:08:01 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.10.17 15:55:41 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
========== LOP Check ==========
[2010.07.04 22:38:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\10-Sekunden-Haushaltsbuch
[2010.02.21 00:42:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Activision
[2009.10.17 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Auslogics
[2010.03.31 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2009.12.31 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2009.12.28 03:38:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DeepBurner
[2010.06.05 01:29:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2010.08.08 01:45:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.07.30 03:40:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\kikin
[2010.08.04 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\nHancer
[2009.11.15 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2009.10.17 14:57:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2009.12.13 02:13:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SharePod
[2010.06.14 22:30:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2010.06.03 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft
[2010.07.30 12:53:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.07.04 22:38:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\10-Sekunden-Haushaltsbuch
[2010.02.21 00:42:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Activision
[2009.12.14 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Adobe
[2009.12.13 01:46:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Apple Computer
[2009.10.17 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Auslogics
[2010.03.31 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited
[2009.12.31 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2009.12.28 03:38:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DeepBurner
[2010.06.13 01:30:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\dvdcss
[2010.06.05 01:29:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2010.08.08 01:45:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2009.10.17 14:46:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Identities
[2010.07.30 18:06:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\InstallShield Installation Information
[2010.07.30 03:40:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\kikin
[2009.10.17 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Macromedia
[2009.12.24 18:14:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Media Center Programs
[2010.07.30 03:06:47 | 000,000,000 | --SD | M] -- C:\Users\*****\AppData\Roaming\Microsoft
[2010.06.27 11:11:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mozilla
[2010.08.04 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\nHancer
[2010.06.13 10:49:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\NVIDIA
[2009.11.15 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2009.10.17 14:57:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2009.12.13 02:13:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SharePod
[2010.06.14 22:30:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2010.06.03 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft
[2010.08.01 02:35:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\vlc
[2009.10.17 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Winamp
[2009.10.17 15:01:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010.07.30 17:55:31 | 000,331,776 | ---- | M] () -- C:\Users\*****\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA
Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] 
(Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.08.2010 12:26:57 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 65,00 Gb Total Space | 11,31 Gb Free Space | 17,40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 400,76 Gb Total Space | 360,70 Gb Free Space | 90,00% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60 "{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.7 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43695674-7C8B-494D-A88D-F36C703A4993}" = VideoCAM Slim USB2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3(TM) "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis*Disk*Director*Home "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin Plugin (NO23 Edition) 2.0 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "10-Sekunden-Haushaltsbuch 5" = 10-Sekunden-Haushaltsbuch 5 5.06 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVG9Uninstall" = AVG Free 9.0 "Avi2Dvd" = Avi2Dvd 0.4.5 beta "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner "DVD Shrink_is1" = DVD Shrink 3.2 "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Guitar Pro 5_is1" = Guitar Pro 5.2 
"InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3 (TM) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar "Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6) "nHancer" = nHancer "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "OpenAL" = OpenAL "Steam App 240" = Counter-Strike: Source "TIPP10_is1" = TIPP10 Version 2.0.3 "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.7 "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4294236280-299869525-1871705385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.07.2010 21:01:36 | Computer Name = *****-PC | Source = MsiInstaller | ID = 1013 Description = Error - 01.08.2010 19:08:18 | Computer Name = *****-PC | Source = MsiInstaller | ID = 10005 Description = Error - 05.08.2010 05:29:40 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = Error - 05.08.2010 06:49:44 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = Error - 06.08.2010 18:52:18 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = Error - 07.08.2010 08:09:27 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Risen.exe, Version: 1.0.28552.0, Zeitstempel: 0x4aafc0ab Name des fehlerhaften Moduls: FileSystem2.dll, Version: 1.0.28552.0, Zeitstempel: 0x4aba4664 Ausnahmecode: 0x40000015 Fehleroffset: 0x00013c86 ID des fehlerhaften Prozesses: 0x1368 Startzeit 
der fehlerhaften Anwendung: 0x01cb3615ccb62812 Pfad der fehlerhaften Anwendung: F:\Games\Risen\bin\Risen.exe Pfad des fehlerhaften Moduls: F:\Games\Risen\bin\FileSystem2.dll Berichtskennung: 9fc49e6c-a21c-11df-9321-00241d8400eb Error - 07.08.2010 20:53:33 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Daten\Programme\SoftonicDownloader54031.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 07.08.2010 20:56:51 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Manuel\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error - 07.08.2010 20:56:55 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Manuel\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error - 08.08.2010 06:11:06 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = [ System Events ] Error - 10.07.2010 04:38:28 | Computer Name =*****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 10.07.2010 18:41:38 | Computer Name =*****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.07.2010 05:53:56 | Computer Name =*****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.07.2010 17:38:58 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 12.07.2010 12:32:28 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 13.07.2010 16:44:24 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 14.07.2010 16:33:46 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 15.07.2010 12:33:09 | Computer Name =*****-PC | Source = Service Control 
< End of report > I hope you can make something of this. Regards, Nospheratu |
08.08.2010, 13:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | strange music in the browser, Trojan? Unfortunately, fixing the MBR does not always work.
Do you have a Win7 DVD to hand? If yes, boot the PC from it. There, go via System Repair into the Recovery Console. Type in bootrec.exe /fixmbr (confirm with Enter), then bootrec.exe /fixboot (confirm with Enter) - restart the computer, take out the DVD and start Windows normally from the hard disk. Once it has booted, start MBRCheck via right-click => Run as administrator and post the output.
__________________ |
08.08.2010, 13:40 | #3 |
| strange music in the browser, Trojan? Thanks a lot for your quick reply
here is the new logfile: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: Award Software International, Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: GA-MA770-UD3 Logical Drives Mask: 0x0000003d
C:\Program Files (x86)\Opera\opera.exe 1436 C:\Windows\System32\dllhost.exe 4348 C:\Users\*****\Desktop\Neuer Ordner\MBRCheck.exe 4356 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000010`40100000 (NTFS) PhysicalDrive0 Model Number: ST3500418AS, Rev: CC35 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
08.08.2010, 13:41 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange music in the browser, Trojan? Code:
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Did that work without any problems with bootrec.exe from the Win7 DVD? Perhaps you have suggestions for the guide?
__________________ Please always post logfiles in CODE tags |
08.08.2010, 13:59 | #5 |
| Strange music in the browser, Trojan? Yes, it was no problem really ^^ I inserted the Win7 DVD, then restarted the computer and pressed Del while it was booting. Then a black screen appeared and I could start Windows. Then I pressed F8 for a larger selection, and there I could already choose System Repair. Do you think the "danger" is averted? |
08.08.2010, 14:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange music in the browser, Trojan? I think so. Or do you still have problems? The OTL log looks relatively unremarkable. But you can send me a new one as a check: System scan with OTL. Please download OTL from OldTimer and save it to your desktop
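The OTL logs posted in this thread contain entries a reviewer should not skip: the O6 policy lines with EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 mean UAC is switched off entirely, the IE start page points at search.conduit.com (a Conduit toolbar search page), and several autostart entries point at files that no longer exist. The script below is an added example, not part of the thread and not OTL's own code; it triages OTL-style lines, its sample input is constructed from lines of this thread's log, and the list of toolbar search domains is an assumption.

```python
"""Triage of OTL (OldTimer's OTL) log lines: added example, not OTL's own code.

It flags the three things a reviewer would want to see in this thread's log:
UAC switched off via the O6 policy entries, an IE start page pointing at a
toolbar search domain, and autostart entries whose file no longer exists.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: a local list of search/start-page domains set by bundled
# toolbars. Conduit is the one that appears in the log posted in this thread.
SUSPECT_SEARCH_DOMAINS = {"search.conduit.com"}

# Windows 7 UAC policy values; all three at these values means UAC is off.
UAC_DISABLED_VALUES = {
    "EnableLUA": "0",
    "ConsentPromptBehaviorAdmin": "0",
    "PromptOnSecureDesktop": "0",
}

O6_POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)$")
START_PAGE_RE = re.compile(r"Main,Start Page = (\S+)")
AUTOSTART_RE = re.compile(r"^(O2|O3|O4|O20) - ")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    category: str  # "uac-disabled", "search-hijack" or "orphaned-autostart"
    line: str


def refang(url: str) -> str:
    """OTL writes 'hxxp://' so URLs are not clickable; restore the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one OTL log line (empty list if it is benign)."""
    line = line.strip()
    findings: list[Finding] = []

    m = O6_POLICY_RE.match(line)
    if m and UAC_DISABLED_VALUES.get(m.group(1)) == m.group(2):
        findings.append(Finding("high", "uac-disabled", line))

    m = START_PAGE_RE.search(line)
    if m:
        host = (urlsplit(refang(m.group(1))).hostname or "").lower()
        if host in SUSPECT_SEARCH_DOMAINS:
            findings.append(Finding("medium", "search-hijack", line))

    # OTL appends "File not found" when the referenced binary is missing;
    # an orphaned autostart is usually a leftover, but it is worth listing.
    if AUTOSTART_RE.match(line) and line.endswith("File not found"):
        findings.append(Finding("low", "orphaned-autostart", line))

    return findings


def triage(log_text: str) -> list[Finding]:
    """Triage a whole OTL log, keeping the findings in log order."""
    return [f for raw in log_text.splitlines() for f in triage_line(raw)]


def uac_fully_disabled(findings: list[Finding]) -> bool:
    """True only if every policy in UAC_DISABLED_VALUES was seen at its off value."""
    seen = set()
    for f in findings:
        if f.category == "uac-disabled":
            seen.add(O6_POLICY_RE.match(f.line).group(1))
    return seen == set(UAC_DISABLED_VALUES)


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567732
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.category:18} {f.line[:70]}")
    print("UAC fully disabled:", uac_fully_disabled(results))
```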
08.08.2010, 14:32 | #7 |
| Strange music in the browser, Trojan? No, since I did all the scans, the music has gone silent. OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.08.2010 15:14:52 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 65,00 Gb Total Space | 10,73 Gb Free Space | 16,51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 400,76 Gb Total Space | 360,66 Gb Free Space | 89,99% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Manuel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () ========== Modules (SafeList) ========== MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering) SRV:64bit: - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH) SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () ========== Driver Services (SafeList) ========== DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567732 IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.07.21 23:29:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.14 22:30:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.06.14 22:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-4294236280-299869525-1871705385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.08 14:16:12 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner [2010.08.08 13:57:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010.08.08 13:57:02 | 000,073,552 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2010.08.08 13:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010.08.08 13:56:50 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2010.08.08 03:05:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.08.08 02:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010.08.08 02:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.08 02:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.04 01:08:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\nHancer [2010.08.04 01:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2010.08.04 01:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer [2010.08.02 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\CAPCOM [2010.08.01 03:09:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Risen [2010.08.01 03:01:35 | 000,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP [2010.08.01 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Microsoft Games [2010.07.30 17:19:39 | 000,000,000 | ---D | C] -- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP [2010.07.30 12:50:23 | 000,000,000 | ---D | C] -- C:\Windows\Acronis [2010.07.30 12:49:03 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Acronis [2010.07.30 12:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis [2010.07.30 12:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis [2010.07.29 00:26:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010.07.26 22:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2010.07.26 22:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Germany [2010.07.26 22:21:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Verlauf [2010.07.25 14:31:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Override [2010.07.25 14:04:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\The Witcher [2010.07.25 13:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2010.07.25 13:28:57 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2010.07.25 13:28:57 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010.07.25 13:28:52 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.07.25 13:28:52 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2010.07.25 13:28:48 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.07.25 13:28:48 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.07.25 13:28:43 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.07.25 13:28:43 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.07.25 13:28:43 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2010.07.25 12:45:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\GaHero [2010.07.25 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Tortured Demo (Roh) [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days 
========== [2010.08.08 15:16:00 | 002,097,152 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT [2010.08.08 15:11:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.08 14:38:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.08 14:38:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.08 14:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.08 14:38:04 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.08.08 14:35:14 | 009,954,811 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db [2010.08.08 14:25:58 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml [2010.08.08 14:25:44 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml [2010.08.08 03:05:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.08.08 02:55:28 | 000,001,007 | ---- | M] () -- C:\Users\*****\Desktop\CCleaner.lnk [2010.08.08 02:00:05 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.01 03:00:54 | 000,000,978 | ---- | M] () -- C:\Users\*****\Desktop\Risen.exe.lnk [2010.07.30 18:06:22 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Unreal Tournament 3.lnk [2010.07.30 14:42:10 | 000,000,274 | ---- | M] () -- C:\Windows\game.ini [2010.07.26 01:13:15 | 000,008,349 | ---- | M] () -- C:\Users\*****\Documents\Fingeruebung15.gp5 [2010.07.26 01:09:45 | 000,006,829 | ---- | M] () -- C:\Users\*****\Documents\Fingeruebung11.gp5 [2010.07.26 00:40:14 | 000,082,823 | ---- | M] () -- C:\Users\*****\Documents\reflection_ver2.gp3 [2010.07.25 14:31:30 | 004,091,786 | ---- | M] () -- C:\Users\*****\Documents\schwertschlag 3.rar [2010.07.25 14:21:53 | 000,668,226 | ---- | M] () -- C:\Users\*****\Documents\jData.rar [2010.07.25 13:24:45 | 958,620,489 | ---- | M] () -- C:\Users\*****\Documents\Gothic_3_Community_Patch_v1.74_Int_Full_b.zip [2010.07.25 12:43:26 | 000,037,531 | ---- | M] () -- 
C:\Users\*****\Documents\Tuning-Guide Tool.zip [2010.07.25 12:40:13 | 000,222,564 | ---- | M] () -- C:\Users\*****\Documents\Gametool4.2.zip [2010.07.25 00:12:09 | 000,017,148 | -HS- | M] () -- C:\Users\*****\Documents\Folder.jpg [2010.07.25 00:12:09 | 000,017,148 | -HS- | M] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Large.jpg [2010.07.25 00:12:09 | 000,005,151 | -HS- | M] () -- C:\Users\*****\Documents\AlbumArtSmall.jpg [2010.07.25 00:12:09 | 000,005,151 | -HS- | M] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Small.jpg [2010.07.22 21:46:47 | 002,541,072 | ---- | M] () -- C:\Users\*****\Documents\cfosspeed-x64-v452.exe [2010.07.10 00:38:00 | 014,092,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.07.10 00:38:00 | 010,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.07.10 00:38:00 | 009,818,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2010.07.10 00:38:00 | 005,107,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2010.07.10 00:38:00 | 004,553,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.07.10 00:38:00 | 002,892,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.07.10 00:38:00 | 002,506,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.07.10 00:38:00 | 001,625,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2010.07.10 00:38:00 | 000,314,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2010.07.10 00:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.08 14:25:42 | 000,002,544 | ---- | C] () -- C:\Windows\diagwrn.xml [2010.08.08 14:25:42 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml [2010.08.08 
02:00:05 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.01 03:02:37 | 000,000,978 | ---- | C] () -- C:\Users\*****\Desktop\Risen.exe.lnk [2010.07.30 18:06:22 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Unreal Tournament 3.lnk [2010.07.30 14:42:10 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini [2010.07.26 01:13:14 | 000,008,349 | ---- | C] () -- C:\Users\*****\Documents\Fingeruebung15.gp5 [2010.07.26 01:09:45 | 000,006,829 | ---- | C] () -- C:\Users\*****\Documents\Fingeruebung11.gp5 [2010.07.26 00:40:14 | 000,082,823 | ---- | C] () -- C:\Users\*****\Documents\reflection_ver2.gp3 [2010.07.25 14:31:26 | 004,091,786 | ---- | C] () -- C:\Users\*****\Documents\schwertschlag 3.rar [2010.07.25 14:21:53 | 000,668,226 | ---- | C] () -- C:\Users\*****\Documents\jData.rar [2010.07.25 12:47:01 | 958,620,489 | ---- | C] () -- C:\Users\*****\Documents\Gothic_3_Community_Patch_v1.74_Int_Full_b.zip [2010.07.25 12:43:26 | 000,037,531 | ---- | C] () -- C:\Users\*****\Documents\Tuning-Guide Tool.zip [2010.07.25 12:40:13 | 000,222,564 | ---- | C] () -- C:\Users\*****\Documents\Gametool4.2.zip [2010.07.25 00:12:09 | 000,017,148 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Large.jpg [2010.07.25 00:12:09 | 000,005,151 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Small.jpg [2010.07.25 00:11:48 | 000,017,148 | -HS- | C] () -- C:\Users\*****\Documents\Folder.jpg [2010.07.25 00:11:48 | 000,005,151 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArtSmall.jpg [2010.07.22 21:46:43 | 002,541,072 | ---- | C] () -- C:\Users\*****\Documents\cfosspeed-x64-v452.exe [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.01.02 13:08:01 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.10.17 15:55:41 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI 
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll < End of report >
02:00:05 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.01 03:02:37 | 000,000,978 | ---- | C] () -- C:\Users\*****\Desktop\Risen.exe.lnk [2010.07.30 18:06:22 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Unreal Tournament 3.lnk [2010.07.30 14:42:10 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini [2010.07.26 01:13:14 | 000,008,349 | ---- | C] () -- C:\Users\*****\Documents\Fingeruebung15.gp5 [2010.07.26 01:09:45 | 000,006,829 | ---- | C] () -- C:\Users\*****\Documents\Fingeruebung11.gp5 [2010.07.26 00:40:14 | 000,082,823 | ---- | C] () -- C:\Users\*****\Documents\reflection_ver2.gp3 [2010.07.25 14:31:26 | 004,091,786 | ---- | C] () -- C:\Users\*****\Documents\schwertschlag 3.rar [2010.07.25 14:21:53 | 000,668,226 | ---- | C] () -- C:\Users\*****\Documents\jData.rar [2010.07.25 12:47:01 | 958,620,489 | ---- | C] () -- C:\Users\*****\Documents\Gothic_3_Community_Patch_v1.74_Int_Full_b.zip [2010.07.25 12:43:26 | 000,037,531 | ---- | C] () -- C:\Users\*****\Documents\Tuning-Guide Tool.zip [2010.07.25 12:40:13 | 000,222,564 | ---- | C] () -- C:\Users\*****\Documents\Gametool4.2.zip [2010.07.25 00:12:09 | 000,017,148 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Large.jpg [2010.07.25 00:12:09 | 000,005,151 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArt_{201A3C3C-A2A9-453D-A886-5B526629CB1C}_Small.jpg [2010.07.25 00:11:48 | 000,017,148 | -HS- | C] () -- C:\Users\*****\Documents\Folder.jpg [2010.07.25 00:11:48 | 000,005,151 | -HS- | C] () -- C:\Users\*****\Documents\AlbumArtSmall.jpg [2010.07.22 21:46:43 | 002,541,072 | ---- | C] () -- C:\Users\*****\Documents\cfosspeed-x64-v452.exe [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.01.02 13:08:01 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.10.17 15:55:41 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI 
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.08.2010 15:14:52 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Manuel\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 65,00 Gb Total Space | 10,73 Gb Free Space | 16,51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 400,76 Gb Total Space | 360,66 Gb Free Space | 89,99% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60 "{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.7 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43695674-7C8B-494D-A88D-F36C703A4993}" = VideoCAM Slim USB2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3(TM) "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis*Disk*Director*Home "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin Plugin (NO23 Edition) 2.0 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "10-Sekunden-Haushaltsbuch 5" = 10-Sekunden-Haushaltsbuch 5 5.06 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVG9Uninstall" = AVG Free 9.0 "Avi2Dvd" = Avi2Dvd 0.4.5 beta "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner "DVD Shrink_is1" = DVD Shrink 3.2 "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free YouTube to MP3 Converter_is1" = Free 
YouTube to MP3 Converter version 3.2 "Guitar Pro 5_is1" = Guitar Pro 5.2 "InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3 (TM) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar "Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6) "nHancer" = nHancer "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "OpenAL" = OpenAL "Steam App 240" = Counter-Strike: Source "TIPP10_is1" = TIPP10 Version 2.0.3 "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.7 "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4294236280-299869525-1871705385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.08.2010 19:08:18 | Computer Name = *****-PC | Source = MsiInstaller | ID = 10005 Description = Error - 05.08.2010 05:29:40 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = Error - 05.08.2010 06:49:44 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = Error - 06.08.2010 18:52:18 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = Error - 07.08.2010 08:09:27 | Computer Name =*****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Risen.exe, Version: 1.0.28552.0, Zeitstempel: 0x4aafc0ab Name des fehlerhaften Moduls: FileSystem2.dll, Version: 1.0.28552.0, Zeitstempel: 0x4aba4664 Ausnahmecode: 0x40000015 Fehleroffset: 0x00013c86 ID des fehlerhaften Prozesses: 0x1368 Startzeit der fehlerhaften Anwendung: 
0x01cb3615ccb62812 Pfad der fehlerhaften Anwendung: F:\Games\Risen\bin\Risen.exe Pfad des fehlerhaften Moduls: F:\Games\Risen\bin\FileSystem2.dll Berichtskennung: 9fc49e6c-a21c-11df-9321-00241d8400eb Error - 07.08.2010 20:53:33 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Daten\Programme\SoftonicDownloader54031.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 07.08.2010 20:56:51 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Manuel\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error - 07.08.2010 20:56:55 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Manuel\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error - 08.08.2010 06:11:06 | Computer Name = *****-PC | Source = Google Update | ID = 20 Description = Error - 08.08.2010 08:38:41 | Computer Name = *****-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Manuel\Desktop\Neuer Ordner\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. 
[ System Events ] Error - 10.07.2010 04:38:28 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 10.07.2010 18:41:38 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.07.2010 05:53:56 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.07.2010 17:38:58 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 12.07.2010 12:32:28 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 13.07.2010 16:44:24 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 14.07.2010 16:33:46 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 15.07.2010 12:33:09 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 15.07.2010 13:30:39 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 16.07.2010 16:54:59 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 < End of report >
Regards. Last edited by Nospheratu (08.08.2010 at 14:53) |
08.08.2010, 14:59 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | strange music in browser, trojan? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
08.08.2010, 15:53 | #9 |
| strange music in browser, trojan? Here is the Malwarebytes log: PHP Code: |
08.08.2010, 16:19 | #10 |
| strange music in browser, trojan? I can't post the SUPERAntiSpyware log until tomorrow. Regards, Nospheratu |
09.08.2010, 22:13 | #11 |
| strange music in browser, trojan? My PC is running great again (= I just ran SUPERAntiSpyware; apart from a few cookies it found nothing. Unfortunately no logfile was created either. Thank you very much for your help. Regards, Nospheratu |
09.08.2010, 22:25 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | strange music in browser, trojan? If there were only cookies, I don't really need the log. Other findings would have surprised me anyway. Good, then please check the updates; my guide to that is below. For even more security, now that the infection has been removed, you should also change all your passwords if at all possible.

Microsoft Update
Windows XP: Visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Guide: Windows Update

Update PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you're at it, please also check that the Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
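The version checks the helper asks for above can be done in one pass before opening Control Panel. The following is an added example, not code from the thread or from any of the tools it names; it assumes the products register under the standard Uninstall keys (plus WOW6432Node on the 64-bit system in this thread) and that their DisplayName contains one of the listed patterns.

```powershell
# Added example (not from the thread): inventory Java, Adobe Reader and Flash
# Player entries registered on a 64-bit Windows 7 machine, so stale versions can
# be found before they are uninstalled via Control Panel as advised above.
# Assumption: DisplayName contains one of $patterns; adjust if a locale differs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit apps on x64
)
$patterns = @('Java', 'J2SE', 'Adobe Reader', 'Adobe Flash Player')

$found = foreach ($key in $uninstallKeys) {
    $arch = if ($key -like '*WOW6432Node*') { 'x86' } else { 'x64' }
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $app = $_
            $hit = $patterns | Where-Object { $app.DisplayName -like "*$_*" } | Select-Object -First 1
            if ($hit) {
                New-Object PSObject -Property @{
                    Product         = $hit
                    DisplayName     = $app.DisplayName
                    Version         = $app.DisplayVersion
                    Arch            = $arch
                    UninstallString = $app.UninstallString
                }
            }
        }
}

# Inventory table: one line per registered install (ActiveX and plugin Flash
# builds and 32-/64-bit Java runtimes show up as separate entries).
$found | Sort-Object Product, DisplayName | Format-Table Product, DisplayName, Version, Arch -AutoSize

# More than one Java runtime means old versions were left behind; the post asks
# for all of them to be removed before the current JRE is installed.
$javaCount = @($found | Where-Object { $_.Product -eq 'Java' -or $_.Product -eq 'J2SE' }).Count
if ($javaCount -gt 1) {
    Write-Warning "$javaCount Java runtimes registered; remove them all, then install the current JRE."
}

# Uninstall commands for every matched product, useful when the Control Panel
# applet does not list an entry (they are printed, not executed).
$found | ForEach-Object { "{0,-40} {1}" -f $_.DisplayName, $_.UninstallString }
```

Run it from an elevated PowerShell prompt; the script only reads the registry and prints, it removes nothing itself.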
11.08.2010, 21:04 | #13 |
| strange music in browser, trojan? All right, done. Thanks a lot for the tip |