Log-Analyse und Auswertung: udp-network attack, kis datenbank defekt, vista startet nicht, dhcp-client nun sys wiederhergestellt
(Log analysis and evaluation: UDP network attack, KIS database corrupt, Vista won't start, DHCP client, system now restored)

Forum note: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: Erste Schritte zur Hilfe. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1  heumann
Hello dear TB users and mods etc. I'll try to keep it short:

Late one night I was looking at a few "feminine pictures" on the web when KIS (cbe) suddenly went off because of a UDP network attack... Everything was still OK until I wanted to start the PC the next day: the DHCP client was not started along with it, so that (in Vista) the clock at the top right was no longer displayed and the browsers no longer worked... I tried and tried; finally, on the second attempt, the system restore worked, but then the KIS database was corrupt and could not be updated or repaired. So I bought a new KIS 11 and everything works again, but I still have massive network and CPU usage. I followed everything in the TB tutorial and am now posting my logs here.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4424
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

13.08.2010 16:57:50
mbam-log-2010-08-13 (16-57-50).txt

Scan type: Quick scan
Objects scanned: 129062
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And the other one, the RSIT logfile:

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by ******* at 2010-08-13 17:00:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 197 GB (41%) free of 477 GB
Total RAM: 3582 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:57, on 13.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\********\Downloads\++TB tut\RSIT.exe
C:\Program Files\trend micro\******.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.c*m/fwlink/?LinkId=*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.c***********************ream/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=*****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=5****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=5*****
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=6****
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: MessengerPlusLive Germany TB Toolbar - {*********************** - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18***81C-E8A*-4*83-A596-FA5*8C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-402-4AF-8EC-516476863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE85869-2E5C-4ED4-87B-F1F7851A497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-4A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F316-6D32-4FE6-8A56-BB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O3 - Toolbar: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Geräteerkennung) - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 10428 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{D2B5F805-A34C-4DB9-90CF-084D78278A84}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}]
Messenger Plus Live Germany Toolbar - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-05-07 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
MessengerPlusLive Germany TB Toolbar - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-08-05 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{542e4d79-1970-4e95-9862-fdb96f61b280} - Messenger Plus Live Germany Toolbar - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll [2010-04-15 2515552]
{76aeea42-e04a-4b62-83ab-df4b2be2541e} - MessengerPlusLive Germany TB Toolbar - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-02-25 37888]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-05-07 344736]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-06-04 1238352]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2010-07-25 1492944]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-08-09 133432]

C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2010-05-07 228024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-13 17:00:44 ----D---- C:\rsit
2010-08-13 17:00:44 ----D---- C:\Program Files\trend micro
2010-08-13 16:51:45 ----D---- C:\Users\********\AppData\Roaming\Malwarebytes
2010-08-13 16:51:19 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-13 16:51:18 ----D---- C:\ProgramData\Malwarebytes
2010-08-13 16:51:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-13 16:51:17 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-13 16:42:39 ----D---- C:\Program Files\CCleaner
2010-08-12 14:41:58 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 14:41:57 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 14:41:57 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\occache.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 14:41:55 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 14:41:54 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 14:41:49 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 14:41:43 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 14:41:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 14:41:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 14:41:31 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 14:41:28 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 14:41:28 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 14:41:27 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-09 11:07:50 ----A---- C:\Windows\system32\javaws.exe
2010-08-09 11:07:50 ----A---- C:\Windows\system32\javaw.exe
2010-08-09 11:07:50 ----A---- C:\Windows\system32\java.exe
2010-08-08 19:41:56 ----D---- C:\Users\*******\AppData\Roaming\mIRC
2010-08-08 19:41:56 ----D---- C:\Program Files\mIRC
2010-08-08 15:15:40 ----D---- C:\Program Files\Daedalic Entertainment
2010-08-05 22:10:20 ----D---- C:\Program Files\MessengerPlusLive_Germany_TB
2010-08-05 14:34:49 ----D---- C:\Program Files\Kaspersky Lab
2010-08-05 14:34:25 ----A---- C:\Windows\system32\drivers\klif.sys
2010-08-05 14:22:33 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-08-05 13:58:52 ----A---- C:\Windows\system32\shell32.dll
2010-08-01 13:56:41 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-01 13:56:41 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-08-01 13:56:37 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-08-01 13:56:35 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-08-01 13:56:32 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-08-01 13:56:32 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-08-01 13:56:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-08-01 13:51:11 ----D---- C:\Program Files\Paradox Interactive
2010-07-29 23:22:49 ----D---- C:\Windows\system32\Adobe
2010-07-29 19:57:45 ----D---- C:\ProgramData\Zylom
2010-07-25 17:41:01 ----D---- C:\ProgramData\TrueCrypt
2010-07-25 17:31:46 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2010-07-25 16:59:45 ----D---- C:\Users\******\AppData\Roaming\TrueCrypt
2010-07-25 16:54:20 ----A---- C:\Windows\system32\drivers\truecrypt.sys
2010-07-25 16:53:56 ----D---- C:\Program Files\TrueCrypt
2010-07-24 15:04:11 ----D---- C:\Program Files\DAMN NFO Viewer
2010-07-23 17:01:00 ----D---- C:\ProgramData\Kaspersky Lab
2010-07-21 17:53:11 ----A---- C:\Windows\system32\devil.dll
2010-07-21 17:53:11 ----A---- C:\Windows\system32\avisynth.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\yv12vfw.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\i420vfw.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\AVSredirect.dll
2010-07-21 17:53:03 ----D---- C:\Program Files\AviSynth 2.5
2010-07-21 17:52:19 ----RSH---- C:\Windows\system32\nbDX.dll
2010-07-21 17:52:19 ----RSH---- C:\Windows\system32\msfDX.dll
2010-07-21 17:52:18 ----RSH---- C:\Windows\system32\flvDX.dll
2010-07-21 17:51:59 ----D---- C:\Program Files\eRightSoft
2010-07-21 11:24:02 ----D---- C:\Users\***AppData\Roaming\HU2011
2010-07-21 11:20:33 ----D---- C:\Program Files\Hunting Unlimited 2011
2010-07-14 20:09:13 ----D---- C:\Program Files\Ubisoft
2010-07-14 17:50:36 ----D---- C:\Program Files\vixy.net
2010-07-14 17:28:22 ----D---- C:\Users\****\AppData\Roaming\streamripper
2010-07-14 17:20:51 ----D---- C:\Program Files\Streamripper
2010-07-14 17:11:56 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-14 17:11:55 ----D---- C:\Users\*****\AppData\Roaming\Winamp
2010-07-14 17:11:55 ----D---- C:\Program Files\Winamp

======List of files/folders modified in the last 1 months======

2010-08-13 17:00:57 ----D---- C:\Windows\Prefetch
2010-08-13 17:00:49 ----D---- C:\Windows\Temp
2010-08-13 17:00:44 ----RD---- C:\Program Files
2010-08-13 17:00:08 ----D---- C:\Users\******\AppData\Roaming\Skype
2010-08-13 16:51:19 ----D---- C:\Windows\system32\drivers
2010-08-13 16:51:18 ----HD---- C:\ProgramData
2010-08-13 16:46:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-13 16:46:43 ----D---- C:\Windows\Minidump
2010-08-13 16:46:43 ----D---- C:\Windows\Debug
2010-08-13 16:46:43 ----D---- C:\Windows
2010-08-13 16:13:04 ----D---- C:\Windows\System32
2010-08-13 16:13:04 ----D---- C:\Windows\inf
2010-08-13 16:13:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-13 16:12:36 ----SHD---- C:\System Volume Information
2010-08-13 16:07:31 ----D---- C:\Users\******\AppData\Roaming\skypePM
2010-08-13 16:07:30 ----D---- C:\Users\*******\AppData\Roaming\ICQ
2010-08-13 16:07:09 ----D---- C:\Program Files\Steam
2010-08-12 17:12:46 ----D---- C:\Windows\Microsoft.NET
2010-08-12 17:12:25 ----RSD---- C:\Windows\assembly
2010-08-12 17:10:28 ----D---- C:\Windows\winsxs
2010-08-12 17:00:47 ----D---- C:\Program Files\ICQ7.1
2010-08-12 16:56:36 ----D---- C:\Windows\system32\migration
2010-08-12 16:56:36 ----D---- C:\Program Files\Movie Maker
2010-08-12 16:56:36 ----D---- C:\Program Files\Internet Explorer
2010-08-12 14:47:23 ----D---- C:\Windows\system32\catroot
2010-08-12 14:47:18 ----D---- C:\Program Files\Windows Mail
2010-08-12 14:41:14 ----D---- C:\Windows\system32\catroot2
2010-08-11 14:36:16 ----D---- C:\ProgramData\PopCap Games
2010-08-11 14:36:16 ----D---- C:\Program Files\PopCap Games
2010-08-11 14:29:35 ----D---- C:\Program Files\JDownloader
2010-08-09 11:08:34 ----SHD---- C:\Windows\Installer
2010-08-09 11:07:47 ----D---- C:\Program Files\Java
2010-08-07 09:16:42 ----D---- C:\Users\******\AppData\Roaming\Adobe
2010-08-05 22:09:52 ----D---- C:\Program Files\Messenger Plus! Live
2010-08-05 13:44:56 ----D---- C:\Windows\system32\Msdtc
2010-08-05 13:44:50 ----D---- C:\Windows\system32\wbem
2010-08-05 11:24:06 ----D---- C:\Windows\system32\config
2010-08-05 11:23:59 ----D---- C:\Windows\Tasks
2010-08-05 11:23:59 ----D---- C:\Windows\system32\Tasks
2010-08-05 11:23:59 ----D---- C:\Windows\system32\spool
2010-08-05 11:23:58 ----D---- C:\Windows\registration
2010-08-03 20:09:32 ----A---- C:\Windows\system32\mrt.exe
2010-08-03 16:57:00 ----D---- C:\Windows\SoftwareDistribution
2010-08-01 15:54:57 ----A---- C:\Windows\NeroDigital.ini
2010-08-01 14:39:13 ----SD---- C:\Users\*******\AppData\Roaming\Microsoft
2010-07-30 09:36:48 ----SD---- C:\Windows\Downloaded Program Files
2010-07-29 21:21:00 ----SD---- C:\ProgramData\Microsoft
2010-07-29 12:40:19 ----D---- C:\Program Files\Windows Live Safety Center
2010-07-21 17:53:02 ----RSD---- C:\Windows\Fonts
2010-07-21 11:20:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-17 05:00:04 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-14 17:11:56 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-05-07 132184]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-07-25 230736]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-08-05 475224]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-05-07 132184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-06-26 15600]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-05-07 344736]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-05-26 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-05-26 362240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

I hope I did everything right and am happy to answer any questions. I'd also like to thank in advance everyone who combs through the logs.

Regards, your heumann
#2
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Incidentally, personal firewalls and security suites are pointless at best and counterproductive at worst. Just read the following; I think it should become a bit clearer then:
Die Vertrauensbrecher (c't editorial on Internet security suites and why they are usually no good)
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei? (personal firewalls: useful or pointless?)
personal firewalls › Wiki › ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de (configuring and disabling NT services securely)
microsoft.public.de.security.heimanwender FAQ
Then you will realise that it is simply unnecessary to mess up your system with yet another "protection component"...
You can only avoid malware infections anyway if you get your own behaviour under control => Kompromittierung unvermeidbar? (Is compromise unavoidable?)
#3
Quote:
Well, it seems I lost the screenshot through the system restore.
EDIT: here is the Vista problem report thing:
Quote:
Last edited by heumann (13.08.2010 at 18:52)
#4
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan!
After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
Please always post logfiles in CODE tags
#5
Quote:
OK, I will do that next.
#6
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Before you start a full scan, please update Malwarebytes; they sometimes release updates several times a day!
#7
Quote:
1. OTL logfile:
Code:
OTL Extras logfile created on: 13.08.2010 20:06:35 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\******\Downloads\++TB tut
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 190,96 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931,28 Gb Total Space | 508,35 Gb Free Space | 54,59% Space Free | Partition Type: FAT32
Drive G: | 495,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 489,25 Mb Total Space | 343,39 Mb Free Space | 70,19% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: ******
Current User Name: ******
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1453348168-676586631-1407122209-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008AE73F-28DA-4024-960A-481C24B82D97}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C97598F-3FC8-4593-B250-8608625BF24A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F3D8228-AC55-4439-B13F-AD26C6BBB932}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40C6D731-1254-449B-977C-AE8635267176}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88BECE22-8119-4E6F-8F85-204DF6897EC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FA6D7BD-44C3-45BD-9540-44FA3C8A02AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B09084AF-48E3-4949-9007-7F1D06CDB127}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1B3FA22-C3C7-4451-940B-247230E55999}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B8F50036-EB80-4A2F-9850-4E5086F4DA24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C398FA1A-BF8B-414F-B751-D7D99E8995FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBF09A5F-5AA3-4921-A7BE-6FBBA318B64B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D94AD8-51EE-4431-B2A6-CEBB82181603}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05B1DE72-2DEB-4FC3-876C-8CC516658AF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07CA229F-D1BC-463B-800A-E01E0FF856BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B556006-E40C-4BB1-B6A8-D0780AADC633}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B856A42-8C4C-4B9C-8268-539D8F69EC7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CFFCD86-63A2-41E3-AB9B-8424CA070F78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13421BB2-86B3-462D-AF51-3BAAEF523505}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14E3CD12-B3E2-4A80-BB50-60E74C6C4947}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20444B07-77A0-4CBA-813B-E2E2388E17AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{212F7EC4-EE0A-4E37-9122-E7E07FAB9F6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{215905D1-D4D9-495F-9A47-C29B68FD05F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25151CE2-69CF-40AC-9040-E771C2C1958B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2522BC4F-229B-4617-ADD3-997E074161F3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{2601297A-8FE7-4E81-AA9A-5893147B00DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27606E9F-AD62-4472-B7E6-389BC1EC03DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B7FBF17-60EC-4A7D-A858-2BB6EA05A5F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D99F34E-A1AE-4C00-BC8F-B85E3844A805}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32EBAD43-2497-4C92-AFC0-9EBC2C6E7BC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{363C2D13-EA76-4043-A24C-DA762D29EE13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38D5FFB3-0A2A-47B3-830F-7E8659E5D63C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{394A679C-35B9-4A20-8D32-1EFF7357C913}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39BEA247-23EE-44D8-8BEE-3638022D47CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A7C4533-8096-4864-9D3A-E6465AF950F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{402007E9-B344-4D2E-AFED-73DBC28A97B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{402E96F7-4F80-4706-ABB2-813D3C7FED4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42E880FD-ACC2-4F02-A7FA-950AE8314277}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E0ECBAC-3133-4735-9ECF-9DD4945EF4CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E1117ED-6722-46E3-9A72-7BCAEC55954C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FCC05A1-8F50-449A-8216-78DC10C4C4D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51477613-BC84-48BA-97FD-7732A68C9FA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51866763-DAC0-41F6-B5CC-F49809844725}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{53FFEA1D-6A42-4B86-A11E-2BF0E3366E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{550DF1B1-4AE2-413B-99F7-7201A81E9EFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A99CB4A-9421-4193-8C88-C87800315AC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B4C3231-DB17-44FB-B032-6E6299D5C83D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C33DE54-BCF6-4E8B-A2F0-3A0CF3B70CBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D5F9B69-2D73-42AB-A7A6-806AD15156C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F54DA4C-C8EA-4508-AA1D-6FD552977A8B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{6154CD38-CB58-4C13-ABEC-F9766608D713}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AD28B4E-3DF9-43D4-868A-85D41438EAFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C9EDD37-69C0-41E4-97B0-E01504F55846}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D652298-9084-42FC-ADB5-F0F194CA45B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73CE17A3-14B3-4DF4-BA39-EC3327A97FE9}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{77200405-920F-4FA4-98AF-DFCFCEAFC6AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{783DA7DD-2921-4755-8F04-C4A75196206E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78431DD4-4E29-4BEF-B85C-3E4731C98516}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{796D6838-04D2-4353-9791-CB67FCE1581B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E0215AD-9935-4F46-BC21-2AD90057599A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{80A78852-00A0-41B6-AB13-2DC3CB0D67AA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe |
"{8DA36623-07A6-4C89-8A80-27B25C834C2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FC87FD9-C824-4AAE-B76D-F1A29B6EF18B}" = protocol=6 | dir=out | app=system |
"{8FF5C61F-0F4A-4917-8E4C-E35941FCBA42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{949C80A1-3544-4A4E-8DE6-82D13D0276EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{956FDE1B-AB4D-4EE7-BF6E-28E9EE70A057}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{96DA1DED-9430-434A-A528-3E8B992AE4A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A58C291-5B0C-493E-BC89-0FDBB5BD0BDB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{9B8FEA66-B467-47A8-B7F4-D290ACC6AC5F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9BD05731-3DCB-41AC-991D-A05FE2B12FD4}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{9BD7CD8D-90B9-49F9-8869-94B1B5D54359}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C6D6BFD-8894-4EEA-9F44-DF2122B98AA6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3ACD2F6-3C9F-4E4A-A332-15106D000D99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5B43722-33B0-4B24-B369-0E5A1F38F54F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{A6422D40-95DA-47BF-BDDC-044E633CE558}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{AA478EC2-7837-473A-B200-2DAEFAAD9017}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{AC0D81BF-28BF-44BB-B0BD-FF4046E2B652}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE146071-053E-4122-BF51-15BE6277499A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B088B86F-AD2B-47C8-95BC-A323B2665B27}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B3E64D38-F775-4438-8F61-28D88A7FF887}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B673C8BD-87A7-44A5-B4D7-D8FEE0F1693E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B8476C78-2042-426A-81E1-945A74D3EC26}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B95620A4-B8C5-4EFE-913E-3D99FE654861}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BED0F8D1-9EA1-4EDE-9DFF-E127F3F69019}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFFE8133-12C8-4488-BBE1-92A59C485AC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C25B40BA-D77C-4503-8D1E-1EFAD2975809}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{CA95AFE0-EDD5-4BD9-8734-F2D93128C942}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe |
"{CAE59183-9D80-4AF0-B463-D648F3DAB4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAE984A6-F1DE-4DF9-9426-FB9EF6239CE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCD0A0C4-A97E-4294-9FB5-EA87B47F8951}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF0F2E7F-2A45-41AE-8887-B0C9A2213C53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1B39FC2-EE2A-4760-9487-612F80EC54F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7CD7E52-6B6E-4E2D-ABBD-448F95C0B550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1970D04-A62A-49A1-BD22-7D281FE5BC0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E53B4150-AB82-4ED6-883A-AE09DE47A4B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9BDCF32-687E-4A66-BEB5-ACE72F76CCFC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F2A8131E-95B8-49BC-86C0-BFCA4DE5542E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6E47D11-8C62-4B95-9977-6F61444993FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB8E04C9-C652-4C44-A6D4-81CC79A075E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC71D702-D8B7-45C0-9F8E-753863C0361D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC77F9EB-5046-4902-BDDC-4A791E3F54C8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{FD373E3E-8BF8-4C4E-9E51-21B4EDC21695}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{125BCD79-0FC8-4BBA-9B8C-11D87C4327D3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{30A334FC-B458-4E22-A2B4-C45DD4F2DD23}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{458BB575-8C8D-4EAD-9C86-2D146F69097A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B067D6EE-F43F-4FA9-96B1-320E8ADD9143}C:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe |
"TCP Query User{C1951A4F-CD5E-4CE8-9BE0-F95C099686DF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CE5E5BE2-BC4B-4AFF-AAB3-845CE0A59AB3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1C22B245-3BFC-4200-B309-745F7FE7C6AB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{37AFDCBF-837F-45C6-974F-8AD152F108D0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4533FDD5-7DA9-4772-B95B-A24FE1E18C51}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{4B53ACA7-FED4-4194-BF39-9EB5664F44FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{928EC6AC-466D-47CB-A3B4-088526177EF6}C:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hazzem_bmc\counter-strike source\hl2.exe |
"UDP Query User{A8240AA7-176A-4868-BB34-9F5D22839A43}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 21
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A67B6-2581-4434-AE64-9A34CCF943D1}" = 3-D HUNTING 2010: Hunt Rare and Wild Animals
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E666E822-53A9-460B-BA99-35184AA80965}" = Hunting Unlimited 2011
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CommanderCotaDemo_is1" = Commander: Conquest of the Americas [DEMO]
"DFX for Windows Media Player" = DFX for Windows Media Player
"EA Download Manager" = EA Download Manager
"Google Chrome" = Google Chrome
"Hunting Unlimited 2011_is1" = Hunting Unlimited 2011
"ICQToolbar" = ICQ Toolbar
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"JDownloader" = JDownloader
"KAMERA v1.1" = KAMERA v1.1
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"SereneScreen Marine Aquarium Crystal_is1" = SereneScreen Marine Aquarium Crystal
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"Sportfischen Professional" = Sportfischen Professional (Nur Entfernen)
"Steam App 240" = Counter-Strike: Source
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TrueCrypt" = TrueCrypt
"vixy converter BETA_is1" = vixy converter uninstall
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.08.2010 09:40:47 | Computer Name = ****** | Source = ESENT | ID = 484
Description = wlcomm (2832) C:\Users\******\AppData\Local\Microsoft\Windows Live Contacts\{d93d17eb-0d1a-4a23-9e84-0eff51cbc5dd}\: Versuch, Ordner "C:\Users\******\AppData\Local\Microsoft\Windows Live Contacts\{d93d17eb-0d1a-4a23-9e84-0eff51cbc5dd}\DBStore\Backup\old" zu entfernen, ist mit Systemfehler 145 (0x00000091): "Das Verzeichnis ist nicht leer. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Entfernen von Ordnern.

Error - 08.08.2010 09:40:47 | Computer Name = ****** | Source = ESENT | ID = 215
Description = wlcomm (2832) C:\Users\******\AppData\Local\Microsoft\Windows Live Contacts\{d93d17eb-0d1a-4a23-9e84-0eff51cbc5dd}\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error - 09.08.2010 04:13:41 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =

Error - 09.08.2010 05:52:53 | Computer Name = ****** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18928 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 368 Anfangszeit: 01cb37a26986954d Zeitpunkt der Beendigung: 0

Error - 09.08.2010 10:04:47 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =

Error - 10.08.2010 03:37:47 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2010 06:29:45 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =

Error - 12.08.2010 06:59:15 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =

Error - 12.08.2010 10:59:17 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =

Error - 13.08.2010 10:07:14 | Computer Name = ****** | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 26.06.2010 07:11:23 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =

Error - 26.06.2010 07:34:54 | Computer Name = ****** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.******.2 für die Netzwerkkarte mit der Netzwerkadresse 001D7DC7CB0B wurde durch den DHCP-Server 192.168.******.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 26.06.2010 10:12:03 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =

Error - 26.06.2010 10:23:11 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =

Error - 27.06.2010 04:43:43 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =

Error - 28.06.2010 08:19:45 | Computer Name = ****** | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001D7DC7CB0B zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 30.06.2010 04:49:51 | Computer Name = ****** | Source = Service Control Manager | ID = 7026
Description =

Error - 30.06.2010 04:51:38 | Computer Name = ****** | Source = DCOM | ID = 10005
Description =

Error - 30.06.2010 04:51:39 | Computer Name = ****** | Source = Service Control Manager | ID = 7009
Description =

Error - 30.06.2010 04:51:39 | Computer Name = ****** | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 14.07.2010 14:12:38 | Computer Name = ****** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-14 20:12:37', '\device\harddiskvolume1\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe','1024',0)

Error - 14.07.2010 14:15:43 | Computer Name = ****** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-14 20:15:43', '\device\harddiskvolume1\program files\ubisoft\demo\james cameron's avatar - das spiel (demo)\bin\avatardemo.exe','180',0)

Error - 13.08.2010 10:51:46 | Computer Name = ****** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-13 16:51:46', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','5296',0)

< End of report >

and the second one. OTL logfile:
Code:
OTL logfile created on: 13.08.2010 20:06:35 - Run 1
OTL by OldTimer - Version Folder = C:\Users\******\Downloads\++TB tut
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465,76 Gb Total Space | 190,96 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931,28 Gb Total Space | 508,35 Gb Free Space | 54,59% Space Free | Partition Type: FAT32
Drive G: | 495,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 489,25 Mb Total Space | 343,39 Mb Free Space | 70,19% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: *******
Current User Name: ******
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\******\Downloads\++TB tut\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\*****\Downloads\++TB tut\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.clipfish.de/special/bigbrother/livestream/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 9A A0 C9 B5 F5 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.05 14:35:18 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010.05.12 17:20:48 | 000,395,221 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: www.007guard.com
O1 - Hosts: 007guard.com
O1 - Hosts: 008i.com
O1 - Hosts: www.008k.com
O1 - Hosts: 008k.com
O1 - Hosts: www.00hq.com
O1 - Hosts: 00hq.com
O1 - Hosts: 010402.com
O1 - Hosts: www.032439.com
O1 - Hosts: 032439.com
O1 - Hosts: www.0scan.com
O1 - Hosts: 0scan.com
O1 - Hosts: 1000gratisproben.com
O1 - Hosts: www.1000gratisproben.com
O1 - Hosts: 1001namen.com
O1 - Hosts: www.1001namen.com
O1 - Hosts: 100888290cs.com
O1 - Hosts: www.100888290cs.com
O1 - Hosts: www.100sexlinks.com
O1 - Hosts: 100sexlinks.com
O1 - Hosts: 10sek.com
O1 - Hosts: www.10sek.com
O1 - Hosts: www.1-2005-search.com
O1 - Hosts: 13649 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\******\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.02.25 20:27:12 | 000,000,016 | R--- | M] () - G:\AUTOPLAY.BAT -- [ CDFS ]
O32 - AutoRun File - [2008.02.25 20:27:28 | 000,000,055 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7d4855e1-61dc-11df-a1c4-001d7dc7cb0b}\Shell - "" = AutoRun
O33 - MountPoints2\{7d4855e1-61dc-11df-a1c4-001d7dc7cb0b}\Shell\AutoRun\command - "" = G:\PopCDRun.exe -- [2008.02.25 20:27:46 | 000,300,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.13 17:00:44 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.13 17:00:44 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 16:51:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.08.13 16:51:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 16:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 16:51:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 16:51:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.13 16:42:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.12 14:41:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 14:41:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 14:41:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 14:41:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 14:41:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 14:41:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 14:41:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 14:41:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 14:41:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 14:41:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 14:41:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 14:41:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 14:41:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 14:41:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 14:41:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 14:41:55 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 14:41:49 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 14:41:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 14:41:34 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 14:41:34 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.09 11:07:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.09 11:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.09 11:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.08 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\mIRC
[2010.08.08 19:41:56 | 000,000,000 | ---D | C] -- C:\Programme\mIRC
[2010.08.08 15:15:40 | 000,000,000 | ---D | C] -- C:\Programme\Daedalic Entertainment
[2010.08.05 22:10:20 | 000,000,000 | ---D | C] -- C:\Programme\MessengerPlusLive_Germany_TB
[2010.08.05 14:34:49 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.08.05 14:34:25 | 000,475,224 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.05 14:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.08.01 14:36:53 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Commander Demo
[2010.08.01 13:56:41 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.08.01 13:56:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.08.01 13:56:40 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.08.01 13:56:40 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.08.01 13:56:40 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.08.01 13:56:40 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.08.01 13:56:40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.08.01 13:56:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.08.01 13:56:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.08.01 13:56:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.08.01 13:56:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.08.01 13:56:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.08.01 13:56:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.08.01 13:56:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.08.01 13:56:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.08.01 13:56:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.08.01 13:56:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.08.01 13:56:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.08.01 13:56:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.08.01 13:56:35 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.08.01 13:56:32 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.08.01 13:56:32 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.08.01 13:56:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.08.01 13:56:31 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.08.01 13:56:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.08.01 13:56:31 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.08.01 13:56:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.08.01 13:51:11 | 000,000,000 | ---D | C] -- C:\Programme\Paradox Interactive
[2010.07.29 23:22:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.07.29 21:14:16 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2010.07.29 19:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010.07.25 17:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.07.25 17:31:46 | 000,000,000 | ---D | C] -- C:\Programme\Debugging Tools for Windows (x86)
[2010.07.25 17:16:44 | 000,000,000 | ---D | C] -- C:\Users\*****\test
[2010.07.25 16:59:45 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\TrueCrypt
[2010.07.25 16:54:20 | 000,230,736 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.07.25 16:53:56 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt
[2010.07.24 15:04:11 | 000,000,000 | ---D | C] -- C:\Programme\DAMN NFO Viewer
[2010.07.23 17:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.21 17:53:11 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.07.21 17:53:11 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.07.21 17:53:04 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.07.21 17:53:04 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.07.21 17:53:03 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.07.21 17:52:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.07.21 17:52:19 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.07.21 17:52:19 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.07.21 17:52:19 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.07.21 17:52:19 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.07.21 17:52:19 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.07.21 17:52:19 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.07.21 17:52:19 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.07.21 17:52:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.07.21 17:52:18 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.07.21 17:52:18 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.07.21 17:52:18 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.07.21 17:51:59 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2010.07.21 11:24:02 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\HU2011
[2010.07.21 11:20:33 | 000,000,000 | ---D | C] -- C:\Programme\Hunting Unlimited 2011
[2010.07.17 16:04:39 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Ps3 acc daten
[2010.07.17 15:30:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Microsoft Games
[2010.07.14 20:12:37 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\My Games
[2010.07.14 20:09:13 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft

========== Files - Modified Within 30 Days ==========

[2010.08.13 20:08:15 | 006,553,600 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.08.13 20:06:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 20:06:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 20:00:00 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.13 19:43:40 | 000,048,640 | ---- | M] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 19:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.13 18:28:52 | 000,101,949 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.13 18:28:52 | 000,101,949 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.13 16:51:22 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 16:48:37 | 000,001,862 | ---- | M] () -- C:\Users\******\Documents\cc_20100813_164830.reg
[2010.08.13 16:42:41 | 000,000,804 | ---- | M] () -- C:\Users\******\Desktop\CCleaner.lnk
[2010.08.13 16:13:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.13 16:13:04 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.13 16:13:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.13 16:13:04 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.13 16:13:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.13 16:09:46 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D2B5F805-A34C-4DB9-90CF-084D78278A84}.job
[2010.08.13 16:06:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.13 16:06:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.13 16:06:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.13 16:06:28 | 3754,426,368 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 20:25:50 | 000,524,288 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 20:25:50 | 000,065,536 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.12 20:25:38 | 002,582,636 | -H-- | M] () -- C:\Users\******\AppData\Local\IconCache.db
[2010.08.12 17:01:57 | 003,584,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 13:36:48 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.08.11 14:36:17 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
[2010.08.11 14:36:17 | 000,000,196 | ---- | M] () -- C:\Users\Public\Desktop\Weitere tolle Spiele!.url
[2010.08.05 14:51:38 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.05 14:51:38 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.05 14:34:25 | 000,475,224 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.05 11:24:09 | 006,553,600 | -HS- | M] () -- C:\Users\******\ntuser.dat_previous
[2010.08.04 16:56:15 | 000,000,104 | ---- | M] () -- C:\Users\******\AppData\Roaming\default.pls
[2010.08.01 15:54:57 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.01 13:54:59 | 000,001,975 | ---- | M] () -- C:\Users\******\Desktop\Commander demo spielen.lnk
[2010.07.25 17:42:30 | 001,835,008 | ---- | M] () -- C:\Users\******\Documents\TrueCrypt Rescue Disk.iso
[2010.07.25 16:54:28 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.07.25 16:54:20 | 000,230,736 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.07.24 15:12:46 | 000,000,888 | ---- | M] () -- C:\Users\******\Desktop\DAMN NFO Viewer - Verknüpfung.lnk
[2010.07.23 20:42:28 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.22 19:59:21 | 000,000,890 | ---- | M] () -- C:\Users\******\Desktop\Hunting Unlimited 2011.lnk
[2010.07.22 19:56:56 | 000,001,336 | ---- | M] () -- C:\Users\******\Documents\unpack.bat.lnk
[2010.07.21 18:05:27 | 747,253,910 | ---- | M] () -- C:\Users\******\Documents\test.nrg
[2010.07.21 17:56:00 | 008,131,739 | ---- | M] () -- C:\Users\******\Documents\100_0432.MOV.WMV
[2010.07.21 17:52:19 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.07.21 17:52:19 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.07.21 17:44:18 | 023,914,177 | ---- | M] () -- C:\Users\******\Documents\100_0432.MOV
[2010.07.21 11:22:12 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Hunting Unlimited 2011.lnk
[2010.07.20 18:59:04 | 000,002,540 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.07.20 18:59:04 | 000,002,420 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010.07.20 08:32:42 | 000,000,282 | ---- | M] () -- C:\Users\******\Documents\file_id.diz
[2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Windows\System32\deployJava1.dll ========== Files Created - No Company Name ========== [2010.08.13 16:51:22 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.13 16:48:34 | 000,001,862 | ---- | C] () -- C:\Users\******\Documents\cc_20100813_164830.reg [2010.08.13 16:42:41 | 000,000,804 | ---- | C] () -- C:\Users\******\Desktop\CCleaner.lnk [2010.08.11 14:36:17 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk [2010.08.11 14:36:17 | 000,000,196 | ---- | C] () -- C:\Users\Public\Desktop\Weitere tolle Spiele!.url [2010.08.05 14:36:20 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.08.05 14:36:20 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.08.01 13:54:59 | 000,001,975 | ---- | C] () -- C:\Users\******\Desktop\Commander demo spielen.lnk [2010.07.25 17:42:30 | 001,835,008 | ---- | C] () -- C:\Users\******\Documents\TrueCrypt Rescue Disk.iso [2010.07.25 16:54:28 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2010.07.24 15:12:46 | 000,000,888 | ---- | C] () -- C:\Users\******\Desktop\DAMN NFO Viewer - Verknüpfung.lnk [2010.07.22 19:59:21 | 000,000,890 | ---- | C] () -- C:\Users\******\Desktop\Hunting Unlimited 2011.lnk [2010.07.22 19:57:15 | 000,001,336 | ---- | C] () -- C:\Users\******\Documents\unpack.bat.lnk [2010.07.21 18:05:22 | 747,253,910 | ---- | C] () -- C:\Users\******\Documents\test.nrg [2010.07.21 17:57:55 | 008,131,739 | ---- | C] () -- C:\Users\******\Documents\100_0432.MOV.WMV [2010.07.21 17:53:04 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.07.21 17:52:19 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax [2010.07.21 17:52:19 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2010.07.21 17:52:19 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2010.07.21 17:52:19 | 000,051,712 | RHS- | C] () -- 
C:\Windows\System32\RLSpeexDec.ax [2010.07.21 17:52:19 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.07.21 17:52:19 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2010.07.21 17:52:18 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2010.07.21 17:52:18 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2010.07.21 17:52:18 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2010.07.21 17:52:18 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2010.07.21 17:49:54 | 023,914,177 | ---- | C] () -- C:\Users\******\Documents\100_0432.MOV [2010.07.21 11:22:12 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Hunting Unlimited 2011.lnk [2010.07.20 08:32:42 | 000,000,282 | ---- | C] () -- C:\Users\******\Documents\file_id.diz [2010.05.27 12:58:17 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2010.05.27 12:51:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.05.26 21:44:14 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2010.05.21 16:20:55 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.05.17 12:09:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.02.23 04:21:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.01.10 20:16:20 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.01.10 20:15:30 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > Mfg Heumann ps. ich starte jetzt mal nen full-scan |