|
Log-Analyse und Auswertung: rechner auf sauberkeit prüfen nach bnet account hackWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.09.2010, 16:22 | #1 |
| rechner auf sauberkeit prüfen nach bnet account hack hi nachdem gestern mein battlenet account gehackt wurde und ich ausschließen kann das es durch phishing mails passiert ist, wollte ich meine logfiles mal von euch überprüfen lassen. sollte noch etwas fehlen bitte einfach sagen was. danke für eure mühen. mfg gommels mbam: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4645 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 18.09.2010 15:09:05 mbam-log-2010-09-18 (15-09-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 292610 Laufzeit: 1 Stunde(n), 13 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) hijackthis: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:17:11, on 18.09.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\QIP\qip.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\xxx\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 174.142.65.65 wolke.skynet O1 - Hosts: 174.142.65.65 announce.mine.nu O1 - Hosts: 174.142.61.140 skynet.wolke O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-3101804217-1774797142-3762040312-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres') O4 - HKUS\S-1-5-21-3101804217-1774797142-3762040312-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{B3405D87-C452-4B49-B065-9ABA71984E3E}: NameServer = 192.168.0.1,208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10247 bytes OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.09.2010 16:52:55 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\xxx\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 139,04 Gb Total Space | 17,44 Gb Free Space | 12,54% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 2,35 Gb Free Space | 26,12% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe (Nero AG) PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Program Files (x86)\QIP\qip.exe (The Author of QIP) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () PRC - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe (Nero AG) SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) SRV - (vmount2) -- C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.) DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola) DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola) DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola) DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc) DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (vstor2) -- C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 99 0C AF 84 39 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "pokerstrategy.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.16 17:29:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.16 17:29:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.09 12:15:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.04.19 19:20:14 | 000,000,000 | ---D | M] [2010.09.09 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2010.09.09 12:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.18 16:31:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\a5oam13j.default\extensions [2010.09.12 20:56:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\a5oam13j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.08.19 21:54:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\a5oam13j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.06.10 18:44:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\a5oam13j.default\extensions\battlefieldheroespatcher@ea.com [2010.09.12 20:56:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\a5oam13j.default\extensions\personas@christopher.beard [2010.09.18 16:31:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.05.13 01:16:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.13 14:18:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.13 14:18:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.13 14:18:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.13 14:18:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.13 14:18:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.18 13:42:16 | 000,000,923 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 174.142.65.65 wolke.skynet O1 - Hosts: 174.142.65.65 announce.mine.nu O1 - Hosts: 174.142.61.140 skynet.wolke O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9c8f941a-02dc-11df-abf4-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{9c8f941a-02dc-11df-abf4-005056c00008}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found O33 - MountPoints2\{d1cdb677-014f-11df-b0db-0022645deb9b}\Shell - "" = AutoRun O33 - MountPoints2\{d1cdb677-014f-11df-b0db-0022645deb9b}\Shell\AutoRun\command - "" = F:\Setup.EXE -- File not found O33 - MountPoints2\{e268371f-a51c-11df-b07d-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{e268371f-a51c-11df-b07d-005056c00008}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.18 16:51:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2010.09.18 15:28:48 | 486,678,800 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\Desktop\WindowsXPMode_de-de.exe [2010.09.18 13:54:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2010.09.18 13:47:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.18 13:47:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.09.18 13:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.09.18 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.18 12:03:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\xxx\Desktop\HiJackThis204.exe [2010.09.15 23:33:29 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.09.14 20:38:43 | 160,870,672 | ---- | C] (NVIDIA Corporation) -- C:\Users\xxx\Desktop\258.96_desktop_win7_winvista_64bit_international_whql.exe [2010.09.10 21:19:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DivX [2010.09.07 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\LolClient [2010.09.07 16:08:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2010.09.07 16:08:20 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2010.09.07 16:08:20 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2010.09.07 16:08:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2010.09.07 16:08:19 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2010.09.07 16:08:19 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2010.09.07 16:08:18 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2010.09.07 16:08:18 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2010.09.07 16:08:18 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2010.09.07 16:08:18 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2010.09.07 16:08:17 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2010.09.07 16:08:17 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2010.09.07 16:08:16 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2010.09.07 16:08:16 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2010.09.07 16:08:15 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2010.09.07 16:08:15 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2010.09.07 16:08:10 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2010.09.07 16:08:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2010.09.07 16:08:10 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2010.09.07 16:08:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2010.09.07 16:08:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2010.09.07 16:08:05 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2010.09.07 16:08:04 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2010.09.07 16:08:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2010.09.07 16:06:13 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp [2010.09.07 16:06:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2010.09.07 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Legends [2010.09.07 15:43:37 | 814,143,398 | ---- | C] (GOA ) -- C:\Users\xxx\Desktop\loleusetup.exe [2010.09.07 15:43:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\PMB Files [2010.09.07 15:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2010.09.07 15:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2010.09.07 14:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2010.08.30 16:21:05 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.08.25 15:43:40 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.18 16:55:15 | 002,621,440 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT [2010.09.18 16:51:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2010.09.18 16:13:15 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.18 16:13:15 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.18 16:05:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.18 16:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.18 16:05:01 | 1554,198,528 | -HS- | M] () -- C:\hiberfil.sys [2010.09.18 16:00:07 | 006,838,986 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db [2010.09.18 15:33:39 | 486,678,800 | ---- | M] (Microsoft Corporation) -- C:\Users\xxx\Desktop\WindowsXPMode_de-de.exe [2010.09.18 15:29:36 | 010,352,728 | ---- | M] () -- C:\Users\xxx\Desktop\Windows6.1-KB958559-x64.msu [2010.09.18 13:47:31 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.18 12:04:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\xxx\Desktop\HiJackThis204.exe [2010.09.15 16:45:24 | 001,689,894 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.15 16:45:24 | 000,722,162 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.15 16:45:24 | 000,684,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.15 16:45:24 | 000,155,618 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.15 16:45:24 | 000,132,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.14 20:39:51 | 160,870,672 | ---- | M] (NVIDIA Corporation) -- C:\Users\xxx\Desktop\258.96_desktop_win7_winvista_64bit_international_whql.exe [2010.09.12 20:42:38 | 497,916,170 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.09.11 23:47:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.09.07 16:03:25 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk [2010.09.07 15:58:14 | 814,143,398 | ---- | M] (GOA ) -- C:\Users\xxx\Desktop\loleusetup.exe [2010.09.07 14:00:22 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.08.31 07:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.18 15:29:31 | 010,352,728 | ---- | C] () -- C:\Users\xxx\Desktop\Windows6.1-KB958559-x64.msu [2010.09.18 13:47:31 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.07 16:03:25 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk [2010.09.07 14:00:22 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.08.19 21:47:01 | 497,916,170 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.07.26 19:23:37 | 000,052,880 | ---- | C] () -- C:\Program Files (x86)\hminstalllog.txt [2010.04.21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.04.21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.03.23 01:15:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.03.10 20:38:27 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.03.10 20:38:27 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2010.01.25 15:04:58 | 000,004,937 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda [2010.01.16 02:57:42 | 001,686,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.10.28 16:14:18 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2009.10.27 15:08:42 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2009.10.27 14:55:06 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Local\QSwitch.txt [2009.10.27 14:55:06 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Local\DSwitch.txt [2009.10.27 14:55:06 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Local\AtStart.txt [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll < End of report > OTL Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.09.2010 16:52:55 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\xxx\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 139,04 Gb Total Space | 17,44 Gb Free Space | 12,54% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 2,35 Gb Free Space | 26,12% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1C3F92D0-3EC5-4CD4-9D5E-1E7834B65BB8}" = Microsoft SQL Server 2008 Native Client "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20 "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{30DE52AF-3186-4396-883B-E3AFC7E522BB}" = pgAdmin III 1.10 "{32A3A4F4-B792-11D6-A78A-00B0D0160190}" = Java(TM) SE Development Kit 6 Update 19 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4534DDFE-E33F-4CA3-89A4-F1E9CA001B5F}" = HP ESU for Microsoft Windows 7 "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{6496B5ED-5083-4172-AA78-866DB571BE56}" = Cisco Aironet PEAP Supplicant "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}" = Windows 7 Default Setting "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Arcus - Rubik's Cube Simulator 0.3.2" = Arcus - Rubik's Cube Simulator 0.3.2 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlueJ_is1" = BlueJ 2.5.3 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24] "HoldemManager" = Holdem Manager "InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator "JDownloader" = JDownloader "League of Legends_is1" = League of Legends "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "mIRC" = mIRC "MKVtoolnix" = MKVtoolnix 3.4.0 "MotoConnect" = MotoConnect 1.1.31 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "Nero8Lite_is1" = Nero 8 Lite "PdaNet_is1" = PdaNet for Android 2.42 "PDFTK Builder_is1" = PDFTK Builder 3.5.3 "PokerTracker3" = PokerTracker 3 (remove only) "PostgreSQL 8.4" = PostgreSQL 8.4 "PunkBusterSvc" = PunkBuster Services "RocketDock_is1" = RocketDock 1.3.5 "Runic Games Torchlight" = Torchlight "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.2 "Warcraft III" = Warcraft III "Winamp" = Winamp "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP 2005" = QIP 2005 8095 "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.09.2010 10:10:49 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:10:54 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:10:57 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:10:57 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:10:58 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:11:12 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:11:12 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:11:12 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:11:12 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.09.2010 10:11:16 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 12.09.2010 14:46:33 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PostgreSQL Server 8.4" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.09.2010 14:49:58 | Computer Name = xxx | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TrueVector Internet Monitor erreicht. Error - 12.09.2010 14:49:58 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.09.2010 14:50:58 | Computer Name = xxx | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SQL Server (SQLEXPRESS) erreicht. Error - 12.09.2010 14:50:58 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.09.2010 14:53:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst PostgreSQL Server 8.4 erreicht. Error - 12.09.2010 14:53:03 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PostgreSQL Server 8.4" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 14.09.2010 15:45:16 | Computer Name = xxx | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TrueVector Internet Monitor erreicht. Error - 14.09.2010 15:45:16 | Computer Name = xxx | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 18.09.2010 01:35:20 | Computer Name = xxx | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > mbrcheck: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 64-bit Base Board Manufacturer: Hewlett-Packard BIOS Manufacturer: Hewlett-Packard System Manufacturer: Hewlett-Packard System Product Name: HP Compaq 6730s Logical Drives Mask: 0x0000003c Kernel Drivers (total 209): 0x02C4C000 \SystemRoot\system32\ntoskrnl.exe 0x02C03000 \SystemRoot\system32\hal.dll 0x00BA3000 \SystemRoot\system32\kdcom.dll 0x00C6E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00CB2000 \SystemRoot\system32\PSHED.dll 0x00CC6000 \SystemRoot\system32\CLFS.SYS 0x00D24000 \SystemRoot\system32\CI.dll 0x00E46000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00EEA000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x010D3000 \SystemRoot\System32\Drivers\spgn.sys 0x01000000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x01009000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x01038000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x0108F000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x01099000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00EF9000 \SystemRoot\system32\DRIVERS\pci.sys 0x010A6000 \SystemRoot\System32\drivers\partmgr.sys 0x010BB000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x010C4000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x00F2C000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00F41000 \SystemRoot\System32\drivers\volmgrx.sys 0x00F9D000 \SystemRoot\System32\drivers\mountmgr.sys 0x00FB7000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00FC0000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00FEA000 \SystemRoot\system32\DRIVERS\msahci.sys 0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00E10000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys 0x00E1B000 \SystemRoot\system32\drivers\fileinfo.sys 0x01251000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01449000 \SystemRoot\System32\Drivers\msrpc.sys 0x014A7000 \SystemRoot\System32\Drivers\ksecdd.sys 0x014C1000 \SystemRoot\System32\Drivers\cng.sys 0x01534000 \SystemRoot\System32\drivers\pcw.sys 0x01545000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x01663000 \SystemRoot\system32\drivers\ndis.sys 0x01755000 \SystemRoot\system32\drivers\NETIO.SYS 0x017B5000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01802000 \SystemRoot\System32\drivers\tcpip.sys 0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0164A000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x0154F000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x0165A000 \SystemRoot\System32\Drivers\spldr.sys 0x0159B000 \SystemRoot\System32\drivers\rdyboost.sys 0x017E0000 \SystemRoot\System32\Drivers\mup.sys 0x017F2000 \SystemRoot\System32\drivers\hwpolicy.sys 0x015D5000 \SystemRoot\system32\DRIVERS\hpdskflt.sys 0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x015DF000 \SystemRoot\system32\DRIVERS\disk.sys 0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x02C34000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x02C5E000 \SystemRoot\System32\Drivers\Null.SYS 0x02C67000 \SystemRoot\System32\Drivers\Beep.SYS 0x02C6E000 \SystemRoot\System32\drivers\vga.sys 0x02C7C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x02CA1000 \SystemRoot\System32\drivers\watchdog.sys 0x02CB1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x02CBA000 \SystemRoot\system32\drivers\rdpencdd.sys 0x02CC3000 \SystemRoot\system32\drivers\rdprefmp.sys 0x02CCC000 \SystemRoot\System32\Drivers\Msfs.SYS 0x02CD7000 \SystemRoot\System32\Drivers\Npfs.SYS 0x02CE8000 \SystemRoot\system32\DRIVERS\tdx.sys 0x02D06000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02D13000 \SystemRoot\system32\drivers\afd.sys 0x02D9D000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03A5F000 \SystemRoot\system32\DRIVERS\vsdatant.sys 0x03AF0000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x03AF9000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03B1F000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x03B35000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03B44000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03B5F000 \SystemRoot\system32\DRIVERS\termdd.sys 0x03B73000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x03BC4000 \SystemRoot\system32\drivers\nsiproxy.sys 0x03BD0000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x03BDB000 \SystemRoot\System32\drivers\discache.sys 0x03CBD000 \SystemRoot\system32\drivers\csc.sys 0x03D40000 \SystemRoot\System32\Drivers\dfsc.sys 0x03D5E000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03D95000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x04826000 \SystemRoot\system32\DRIVERS\igdkmd64.sys 0x0408C000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x04180000 \SystemRoot\System32\drivers\dxgmms1.sys 0x041C6000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x04000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x04056000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x04067000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x05664000 \SystemRoot\system32\DRIVERS\NETw5s64.sys 0x05DC3000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x03C00000 \SystemRoot\system32\DRIVERS\yk62x64.sys 0x05DD0000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x05DEE000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys 0x05600000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x0560F000 \??\C:\Windows\system32\drivers\VMkbd.sys 0x03C65000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x05619000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x0561B000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x03DAB000 \SystemRoot\System32\Drivers\axjx24a1.SYS 0x0562A000 \SystemRoot\system32\DRIVERS\Accelerometer.sys 0x05636000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x0563B000 \SystemRoot\system32\DRIVERS\cpqbttn64.sys 0x0563E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x05657000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x041D3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x041DC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x04800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x041EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03A24000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x02DE2000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x02C00000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x00C4C000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04816000 \SystemRoot\system32\DRIVERS\pneteth.sys 0x03DF0000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x05660000 \SystemRoot\system32\DRIVERS\swenum.sys 0x04491000 \SystemRoot\system32\DRIVERS\ks.sys 0x044D4000 \SystemRoot\system32\DRIVERS\umbus.sys 0x044EE000 \SystemRoot\system32\DRIVERS\VMNET.SYS 0x044F8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04552000 \SystemRoot\System32\Drivers\fastfat.SYS 0x04588000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x04596000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04400000 \SystemRoot\system32\drivers\ADIHdAud.sys 0x045AB000 \SystemRoot\system32\drivers\portcls.sys 0x03D6F000 \SystemRoot\system32\drivers\drmk.sys 0x045E8000 \SystemRoot\system32\drivers\ksthunk.sys 0x0529D000 \SystemRoot\system32\DRIVERS\agrsm64.sys 0x053BF000 \SystemRoot\system32\drivers\modem.sys 0x053CE000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x00000000 \SystemRoot\System32\win32k.sys 0x053DC000 \SystemRoot\System32\drivers\Dxapi.sys 0x053E8000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x05200000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x0521D000 \SystemRoot\system32\DRIVERS\monitor.sys 0x0522B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x05239000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x05245000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x05250000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x00460000 \SystemRoot\System32\TSDDD.dll 0x00710000 \SystemRoot\System32\cdd.dll 0x00860000 \SystemRoot\System32\ATMFD.DLL 0x05263000 \SystemRoot\system32\drivers\luafv.sys 0x01230000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x022C9000 \SystemRoot\system32\drivers\WudfPf.sys 0x022EA000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys 0x022F5000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x0230A000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x0235D000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x02370000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x02388000 \SystemRoot\system32\DRIVERS\vwifimp.sys 0x02200000 \SystemRoot\system32\drivers\HTTP.sys 0x02392000 \SystemRoot\system32\DRIVERS\bowser.sys 0x023B0000 \SystemRoot\System32\drivers\mpsdrv.sys 0x023C8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x034A7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x034F5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x03518000 \??\C:\Windows\system32\drivers\hcmon.sys 0x03831000 \??\C:\Windows\system32\drivers\vmx86.sys 0x03926000 \SystemRoot\System32\Drivers\adfs.SYS 0x0393E000 Geändert von gommels (18.09.2010 um 16:34 Uhr) Grund: nutzername nicht rausediert |
20.09.2010, 09:29 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | rechner auf sauberkeit prüfen nach bnet account hackZitat:
__________________ |
20.09.2010, 10:19 | #3 |
| rechner auf sauberkeit prüfen nach bnet account hack mein passwort ist 8 zeichen lang un besteht aus einer kombination von zahlen und buchstaben, glaube nicht das es daran lag. der account war jetz auch ca 1 jahr inaktiv. ich denk ma mit youtube anleitung meinst hacks oder bots aber auch das kann ich verneinen. denke aber das zumindest, dass meine emailadresse bekannt ist da ich seit ca nem halben jahr regelmäßig phishing mails bekomme, aber wie gesagt das kann ich ausschließen.
__________________mfg gommels |
20.09.2010, 10:24 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | rechner auf sauberkeit prüfen nach bnet account hack Du hast Dich auch nicht eingeloggt, als Du an einem anderen Rechenr warst, der womöglich infiziert war? Hast Du Battlenet Passwort noch woanders genutzt?
__________________ Logfiles bitte immer in CODE-Tags posten |
20.09.2010, 10:55 | #5 |
| rechner auf sauberkeit prüfen nach bnet account hack passwörter hab ich ausser für foren überall ein anderes und ich änder auch alle 6 monate ca alle passwörter.das ich mich an nem anderen rechner eingeloggt hab kann ich mich jetz nicht dran erinnern, ist wenn schon ewig her. mfg gommels |
Themen zu rechner auf sauberkeit prüfen nach bnet account hack |
64-bit, adblock, adobe, antivir, antivir guard, avg, avgntflt.sys, avira, bho, browser, c:\windows\system32\rundll32.exe, components, desktop, error, fehler, firefox, flash player, format, hijack, hijackthis, install.exe, installation, jdownloader, langs, launch, location, microsoft office word, mozilla, mozilla thunderbird, oldtimer, otl logfile, otl.exe, phishing, plug-in, programdata, registry, rundll, saver, schattenkopien, searchplugins, security, senden, shell32.dll, shortcut, software, sptd.sys, studio, syswow64, teamspeak, vista, visual studio, vlc media player, webcheck |