Log analysis and evaluation: Internet very slow, no downloads possible -> Winsock LSP / prxerdrv.dll in the logfile (Windows 7)
30.09.2010, 16:34 | #1
Internet very slow, no downloads possible -> Winsock LSP / prxerdrv.dll in the logfile

Hello everyone, since today my father has a problem with his PC which I (we) cannot solve ourselves; maybe one of you knows what to do and can help me. Since today his Internet is extremely slow and no downloads are possible any more. Suspected trojan.

Logfile:

HijackThis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:47, on 30.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
V:\Windows\system32\Dwm.exe
V:\Windows\Explorer.EXE
V:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
V:\Windows\System32\oodtray.exe
V:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
V:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
V:\Windows\System32\rundll32.exe
V:\Program Files\HP\HP Software Update\hpwuSchd2.exe
V:\Program Files\Logitech\Logitech Vid\Vid.exe
V:\Program Files\Windows Media Player\wmpnscfg.exe
V:\Windows\ehome\ehtray.exe
V:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
V:\Windows\system32\taskeng.exe
V:\Windows\System32\rundll32.exe
V:\Windows\ehome\ehmsas.exe
V:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
V:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
V:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
V:\Windows\System32\mobsync.exe
V:\Program Files\Mozilla Firefox\firefox.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Windows\system32\conime.exe
V:\Windows\system32\wuauclt.exe
V:\Program Files\Trend Micro\HijackThis\HijackThis.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2719325
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
F2 - REG:system.ini: UserInit=V:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - V:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - V:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - V:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - V:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O4 - HKLM\..\Run: [RtHDVCpl] V:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [OODefragTray] V:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "V:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Ad-Watch] V:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE V:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE V:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE V:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] V:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Logitech Vid] "V:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [msnmsgr] "V:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] V:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [{BB571243-DB00-129A-D141-3B29754D5171}] V:\Users\Willi\AppData\Roaming\Molia\epaps.exe
O4 - HKCU\..\Run: [ehTray.exe] V:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = V:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - V:\Program Files\PokerStars\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxerdrv.dll
O13 - Gopher Prefix: 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - V:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - V:\Windows\System32\DreamScene.dll
O23 - Service: Steganos Anonym VPN Starter Service (AVPNStarter) - Unknown owner - V:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - V:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - V:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - V:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - V:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - V:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MotoConnect Service - Unknown owner - V:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NMSAccess - Unknown owner - V:\Program Files\BurnAware Free\NMSAccess32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - V:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - V:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - V:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - V:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - V:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7888 bytes

I have already tried to fix the three "O10" entries with LSP-Fix, but without success. S&D and Ad-Aware could not find or repair anything either.
In addition, I have already tried the following:

Repair and Reset Windows Vista TCP/IP Winsock Catalog Corruption
www.mydigitallife.info/2007/06/18/repair-and-reset-windows-vista-tcpip-winsock-catalog-corruption/

Reinstall and Reset TCP/IP (Internet Protocol) in Windows Vista, 2003 and XP
www.mydigitallife.info/2007/06/19/reinstall-and-reset-tcpip-internet-protocol-in-windows-vista-2003-and-xp/

Do you have any idea what else I could try so that the Internet works correctly again? Oh, and one more thing that seems very odd to me: now and then a download does work, but only with IE.

Greetings from Hamburg,
Dennis

Last edited by clubb1ng (30.09.2010 at 16:40)
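A first triage pass over HijackThis lines like the ones in the post above, as an added example (not part of this thread and not code from HijackThis or OTL): it groups the O10 Winsock LSP entries by DLL, flags O4 Run entries that start a GUID-named value from a user's AppData\Roaming folder, and flags IE start/search pages pointing away from the vendor default. The sample lines are constructed from the posted log; the host allow-list and the severity labels are this example's own assumptions.

```python
"""Triage pass over HijackThis log lines (added example; not code from this
thread or from HijackThis/OTL).  It picks out the entries the thread turns on:
Winsock LSP DLLs HijackThis could not identify (O10), Run entries (O4) started
from a user's AppData\\Roaming profile under a GUID-style value name, and IE
start/search pages (R0/R1) pointing away from the vendor default.  The host
allow-list and the severity labels are this example's own assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on lines from the log posted above (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2719325
O4 - HKLM\..\Run: [RtHDVCpl] V:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [{BB571243-DB00-129A-D141-3B29754D5171}] V:\Users\Willi\AppData\Roaming\Molia\epaps.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxerdrv.dll
O23 - Service: O&O Defrag - O&O Software GmbH - V:\Windows\system32\oodag.exe
"""

# Hosts the default IE start/search pages legitimately point at (assumption).
EXPECTED_HOSTS = ("microsoft.com", "msn.com", "live.com")

LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PAGE_RE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<url>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high" or "medium" (this example's own scale)
    code: str      # HijackThis section the line came from
    detail: str
    line: str


def host_of(url: str) -> str:
    """Host part of a URL, accepting the defanged hxxp:// form used in posted logs."""
    url = re.sub(r"^(?:hxxps?|https?)://", "", url.strip(), flags=re.IGNORECASE)
    return re.split(r"[/?&#:]", url, maxsplit=1)[0].lower()


def is_expected_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    lsp_entries: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := LSP_RE.match(line):
            # One DLL is usually registered in several catalog entries; group them.
            lsp_entries.setdefault(m["path"].lower(), []).append(line)
        elif m := RUN_RE.match(line):
            if "\\appdata\\roaming\\" in m["cmd"].lower() and GUID_RE.match(m["name"]):
                findings.append(Finding("high", "O4",
                    f"GUID-named autorun launched from a user profile: {m['cmd']}", line))
        elif m := PAGE_RE.match(line):
            host = host_of(m["url"])
            if host and not is_expected_host(host):
                findings.append(Finding("medium", "R0/R1",
                    f"IE start/search page redirected to {host}", line))
    for path, lines in lsp_entries.items():
        # Every Winsock call passes through the LSP chain, so one unidentified or
        # broken LSP DLL on its own can produce "slow internet, downloads fail".
        findings.append(Finding("high", "O10",
            f"unidentified Winsock LSP {path} ({len(lines)} catalog entries)", lines[0]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code:5} {f.detail}")
```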
30.09.2010, 16:44 | #2
/// Malware-holic

OTL:

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
30.09.2010, 16:49 | #3
Good day markusg,

thanks for your quick response. The OTL scan is being run right now; the logfiles will follow shortly.

Regards,
Dennis

// edit: Here are the two logfiles, I hope you can make something of them.

OTL Logfile:
Code:
OTL logfile created on: 30.09.2010 17:44:28 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = V:\Users\*****\Documents
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = V: | %SystemRoot% = V:\Windows | %ProgramFiles% = V:\Program Files
Drive C: | 148,07 Gb Total Space | 98,42 Gb Free Space | 66,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,01 Gb Total Space | 20,38 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive V: | 50,01 Gb Total Space | 10,70 Gb Free Space | 21,40% Space Free | Partition Type: NTFS

Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - V:\Users\*****\Documents\OTL.exe (OldTimer Tools)
PRC - V:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - V:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - V:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - V:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - V:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - V:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - V:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - V:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - V:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - V:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - V:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - V:\Programme\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - V:\Windows\explorer.exe (Microsoft Corporation)
PRC - V:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - V:\Programme\DAEMON Tools Pro\DTProShellHlp.exe (DT Soft Ltd)
PRC - V:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - V:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - V:\Programme\BurnAware Free\NMSAccess32.exe ()
PRC - V:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - V:\Windows\System32\oodtray.exe (O&O Software GmbH)
PRC - V:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - V:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Modules (SafeList) ==========

MOD - V:\Users\*****\Documents\OTL.exe (OldTimer Tools)
MOD - V:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - V:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Boonty Games) -- V:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- V:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WPFFontCache_v0400) -- V:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- V:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- V:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (LVPrcSrv) -- V:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FontCache) -- V:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- V:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (NMSAccess) -- V:\Programme\BurnAware Free\NMSAccess32.exe ()
SRV - (AVPNStarter) -- V:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe ()
SRV - (O&O Defrag) -- V:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (WinDefend) -- V:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- V:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (x10nets) -- V:\Programme\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- V:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- V:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- V:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- V:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (MBAMSwissArmy) -- V:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (motmodem) -- V:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (LVPr2Mon) -- V:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (atksgt) -- V:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- V:\Windows\System32\drivers\lirsgt.sys ()
DRV - (Lbd) -- V:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- V:\Windows\System32\Drivers\sptd.sys ()
DRV - (xfilt) -- V:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- V:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- V:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (HpCISSs) -- V:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- V:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (WDC_SAM) -- V:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (acedrv11) -- V:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (athr) -- V:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (MegaSR) -- V:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- V:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- V:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- V:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- V:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ql2300) -- V:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- V:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- V:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- V:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- V:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- V:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- V:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- V:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- V:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- V:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- V:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- V:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- V:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- V:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- V:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- V:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- V:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- V:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- V:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (3xHybrid) -- V:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (tapavpn) -- V:\Windows\System32\drivers\tapavpn.sys (Steganos GmbH)
DRV - (LVUSBSta) -- V:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (nvlddmkm) -- V:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ql40xx) -- V:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- V:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- V:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- V:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- V:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- V:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- V:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- V:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- V:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- V:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- V:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- V:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- V:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- V:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- V:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- V:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- V:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- V:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ZSMC301b) -- V:\Windows\System32\drivers\usbVM31b.sys (VM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2719325
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 63 C4 B9 3E 24 CA 01 [binary data]
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "MessengerPlusLive Germany TB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719325&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MessengerPlusLive Germany TB Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719325&q="
FF - prefs.js..network.proxy.http: "202.3.217.125"
FF - prefs.js..network.proxy.http_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: V:\Program Files\Mozilla Firefox\components [2010.09.18 09:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: V:\Program Files\Mozilla Firefox\plugins [2010.09.18 09:45:19 | 000,000,000 | ---D | M]

[2010.09.15 18:31:03 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.09.30 17:17:52 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions
[2010.09.16 22:49:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.21 00:03:57 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2010.09.15 20:46:27 | 000,000,000 | ---D | M] (No name found) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.15 20:46:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yf15we85.default\extensions\firefox@tvunetworks.com
[2010.09.15 16:29:02 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(20)\tflzmrfc.default\extensions
[2010.09.15 16:29:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(20)\tflzmrfc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.15 18:31:57 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(32)\fmi4tj8l.default\extensions
[2010.09.15 18:31:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- V:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles(32)\fmi4tj8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.31 23:49:28 | 000,000,959 | ---- | M] () -- V:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yf15we85.default\searchplugins\conduit.xml
[2010.09.15 20:54:18 | 000,000,000 | ---D | M] -- V:\Programme\Mozilla Firefox\extensions
[2010.08.25 02:44:54 | 000,001,392 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.25 02:44:54 | 000,002,344 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.25 02:44:54 | 000,006,805 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.25 02:44:54 | 000,001,178 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.25 02:44:54 | 000,001,105 | ---- | M] () -- V:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.06 16:35:02 | 000,415,313 | R--- | M]) - V:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14362 more lines...
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - V:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - V:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - V:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Watch] V:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] V:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] V:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] V:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] V:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OODefragTray] V:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] V:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] V:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] V:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000..\Run: [{BB571243-DB00-129A-D141-3B29754D5171}] V:\Users\*****\AppData\Roaming\Molia\epaps.exe ()
O4 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000..\Run: [Logitech Vid] V:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000..\Run: [WMPNSCFG] V:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] V:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - V:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - V:\Windows\System32\PrxerNsp.dll ( )
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - V:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - V:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - V:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - V:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - V:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - V:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - V:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: V:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: V:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.18 17:28:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - V:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{133c85a5-9290-11de-b990-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{133c85a5-9290-11de-b990-0019dba7e8af}\Shell\AutoRun\command - "" = J:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{133c85a5-9290-11de-b990-0019dba7e8af}\Shell\dinstall\command - "" = J:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{21ef3527-9350-11de-a2ff-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{21ef3527-9350-11de-a2ff-0019dba7e8af}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O33 - MountPoints2\{21ef3527-9350-11de-a2ff-0019dba7e8af}\Shell\setup\command - "" = O:\setup.exe -- File not found
O33 - MountPoints2\{5c2d7606-9265-11de-a8e3-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2d7606-9265-11de-a8e3-0019dba7e8af}\Shell\AutoRun\command - "" = I:\Autorun.EXE -- File not found
O33 - MountPoints2\{75da18e6-b0fa-11df-a91a-0019dba7e8af}\Shell - "" = AutoRun
O33 - MountPoints2\{75da18e6-b0fa-11df-a91a-0019dba7e8af}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\J\Shell\directx\command - "" = J:\DirectX9\dxsetup.exe -- File not found
O33 - MountPoints2\J\Shell\setup\command - "" = J:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - V:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - V:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - V:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - V:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface
Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - V:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - V:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: 
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - V:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - V:\Windows\system32\Rundll32.exe V:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A2DADDE9-88D0-7966-D0D6-BDF35B5EE29F} - .NET Framework ActiveX: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - V:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - V:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "V:\Windows\System32\rundll32.exe" "V:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3filter - V:\Windows\System32\ac3filter.acm () Drivers32: msacm.l3acm - V:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - V:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.siren - V:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo - V:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - 
V:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - V:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - V:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.I420 - V:\Windows\System32\LVCodec2.dll (Logitech Inc.) Drivers32: VIDC.IV31 - V:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: VIDC.IV32 - V:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: VIDC.IV41 - V:\Windows\System32\ir41_32.dll (Intel(R) Corporation) Drivers32: vidc.VP60 - V:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - V:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP62 - V:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.WMV3 - V:\Windows\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: vidc.XVID - V:\Windows\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.09.30 17:41:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- V:\Users\*****\Documents\OTL.exe [2010.09.30 17:37:28 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Malwarebytes [2010.09.30 17:37:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- V:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.30 17:37:22 | 000,000,000 | ---D | C] -- V:\ProgramData\Malwarebytes [2010.09.30 17:37:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- V:\Windows\System32\drivers\mbam.sys [2010.09.30 17:37:21 | 000,000,000 | ---D | C] -- V:\Programme\Malwarebytes' Anti-Malware [2010.09.30 17:36:58 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- V:\Users\*****\Documents\mbam-setup.exe [2010.09.23 21:06:30 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Printer Info Cache [2010.09.23 21:06:30 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Image Zone Express [2010.09.23 18:26:17 | 000,000,000 | ---D | C] -- V:\ProgramData\WEBREG [2010.09.23 18:26:06 | 000,000,000 | ---D | C] -- 
V:\Users\*****\AppData\Roaming\HP [2010.09.23 18:25:36 | 000,000,000 | ---D | C] -- V:\ProgramData\HPSSUPPLY [2010.09.23 18:22:55 | 000,000,000 | ---D | C] -- V:\Programme\Hewlett-Packard [2010.09.23 18:22:55 | 000,000,000 | ---D | C] -- V:\Programme\Common Files\Hewlett-Packard [2010.09.23 18:22:34 | 000,000,000 | ---D | C] -- V:\Programme\Common Files\HP [2010.09.23 18:18:52 | 000,000,000 | -H-D | C] -- V:\Config.Msi [2010.09.23 18:18:03 | 000,000,000 | ---D | C] -- V:\ProgramData\HP [2010.09.23 14:44:58 | 000,000,000 | ---D | C] -- V:\Users\*****\Desktop\fullhtml-Dateien [2010.09.21 00:04:01 | 000,000,000 | ---D | C] -- V:\Programme\Conduit [2010.09.21 00:03:59 | 000,000,000 | ---D | C] -- V:\Programme\MessengerPlusLive_Germany_TB [2010.09.15 20:54:17 | 000,000,000 | ---D | C] -- V:\Programme\Mozilla Firefox [2010.09.15 16:44:12 | 000,000,000 | ---D | C] -- V:\Users\*****\Documents\TuneUp.Utilities.2010.v9.0.2000.17.Incl.Keymaker-CORE [2010.09.15 16:37:26 | 000,000,000 | ---D | C] -- V:\Programme\XP TCPIP Repair [2010.09.14 21:07:43 | 008,373,184 | ---- | C] (Mozilla) -- V:\Users\*****\Documents\Firefox Setup 3.6.9.exe [2010.09.14 20:38:01 | 000,921,512 | ---- | C] (Symantec Corporation) -- V:\Users\*****\Documents\Norton_Removal_Tool_2011.exe [2010.08.31 22:56:41 | 000,000,000 | ---D | C] -- V:\Users\*****\AppData\Roaming\Molia [2009.08.26 15:51:55 | 000,061,440 | ---- | C] ( ) -- V:\Windows\System32\PrxerNsp.dll [1 V:\Windows\System32\*.tmp files -> V:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.30 17:46:28 | 007,340,032 | ---- | M] () -- V:\Users\*****\ntuser.dat [2010.09.30 17:41:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- V:\Users\*****\Documents\OTL.exe [2010.09.30 17:40:53 | 000,001,094 | ---- | M] () -- V:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.30 17:40:45 | 000,002,078 | ---- | M] () -- V:\Users\Public\Desktop\Google Earth.lnk [2010.09.30 17:39:00 | 000,001,090 | ---- | M] () -- 
V:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.30 17:37:25 | 000,000,823 | ---- | M] () -- V:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.30 17:37:04 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- V:\Users\*****\Documents\mbam-setup.exe [2010.09.30 17:06:48 | 000,006,000 | -H-- | M] () -- V:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.30 17:06:47 | 000,006,000 | -H-- | M] () -- V:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.30 17:06:30 | 000,000,006 | -H-- | M] () -- V:\Windows\tasks\SA.DAT [2010.09.30 17:06:27 | 000,067,584 | --S- | M] () -- V:\Windows\bootstat.dat [2010.09.30 17:06:24 | 2145,902,592 | -HS- | M] () -- V:\hiberfil.sys [2010.09.30 17:06:22 | 000,803,233 | ---- | M] () -- V:\Windows\System32\oodbs.lor [2010.09.29 23:28:10 | 000,524,288 | -HS- | M] () -- V:\Users\*****\ntuser.dat{6147b8f2-05ac-11df-8c67-0019dba7e8af}.TMContainer00000000000000000001.regtrans-ms [2010.09.29 23:28:10 | 000,065,536 | -HS- | M] () -- V:\Users\*****\ntuser.dat{6147b8f2-05ac-11df-8c67-0019dba7e8af}.TM.blf [2010.09.29 23:27:27 | 002,484,026 | -H-- | M] () -- V:\Users\*****\AppData\Local\IconCache.db [2010.09.23 18:26:42 | 000,164,302 | ---- | M] () -- V:\Windows\hpoins19.dat [2010.09.23 18:26:00 | 000,000,179 | ---- | M] () -- V:\Windows\win.ini [2010.09.23 18:25:15 | 000,002,034 | ---- | M] () -- V:\Users\Public\Desktop\HP Photosmart Essential.lnk [2010.09.23 18:24:13 | 000,001,209 | ---- | M] () -- V:\Users\Public\Desktop\HP Solution Center.lnk [2010.09.23 18:23:21 | 000,001,977 | ---- | M] () -- V:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010.09.23 14:44:58 | 000,028,474 | ---- | M] () -- V:\Users\*****\Desktop\fullhtml.htm [2010.09.21 00:03:10 | 000,012,176 | ---- | M] () -- V:\Users\*****\Desktop\KÜNDIGUNG.odt [2010.09.15 20:54:21 | 000,001,729 | ---- | M] () -- 
V:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.09.15 20:46:46 | 007,340,032 | ---- | M] () -- V:\Users\*****\ntuser.dat_previous [2010.09.15 16:43:37 | 020,947,036 | ---- | M] () -- V:\Users\*****\Documents\tu2v021ikc.rar [2010.09.14 21:40:56 | 000,000,809 | ---- | M] () -- V:\Users\*****\Desktop\CCleaner.lnk [2010.09.14 21:26:56 | 000,029,997 | ---- | M] () -- V:\Users\*****\Desktop\bookmarks-2010-09-14.json [2010.09.14 21:07:43 | 008,373,184 | ---- | M] (Mozilla) -- V:\Users\*****\Documents\Firefox Setup 3.6.9.exe [2010.09.14 20:38:02 | 000,921,512 | ---- | M] (Symantec Corporation) -- V:\Users\*****\Documents\Norton_Removal_Tool_2011.exe [1 V:\Windows\System32\*.tmp files -> V:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.30 17:40:45 | 000,002,078 | ---- | C] () -- V:\Users\Public\Desktop\Google Earth.lnk [2010.09.30 17:37:25 | 000,000,823 | ---- | C] () -- V:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.23 18:25:15 | 000,002,034 | ---- | C] () -- V:\Users\Public\Desktop\HP Photosmart Essential.lnk [2010.09.23 18:24:13 | 000,001,209 | ---- | C] () -- V:\Users\Public\Desktop\HP Solution Center.lnk [2010.09.23 18:23:21 | 000,001,977 | ---- | C] () -- V:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010.09.23 18:18:10 | 000,164,302 | ---- | C] () -- V:\Windows\hpoins19.dat [2010.09.23 18:17:57 | 000,026,952 | ---- | C] () -- V:\Windows\hpomdl19.dat [2010.09.23 15:10:55 | 000,005,804 | ---- | C] () -- V:\ProgramData\hpzinstall.log [2010.09.23 14:44:58 | 000,028,474 | ---- | C] () -- V:\Users\*****\Desktop\fullhtml.htm [2010.09.21 00:03:09 | 000,012,176 | ---- | C] () -- V:\Users\*****\Desktop\KÜNDIGUNG.odt [2010.09.15 20:54:21 | 000,001,729 | ---- | C] () -- V:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.09.15 16:43:37 | 020,947,036 | ---- | C] () -- V:\Users\*****\Documents\tu2v021ikc.rar [2010.09.14 21:26:56 | 000,029,997 | ---- | C] () -- 
V:\Users\*****\Desktop\bookmarks-2010-09-14.json [2010.07.04 17:51:36 | 000,000,552 | ---- | C] () -- V:\Users\*****\AppData\Local\d3d8caps.dat [2010.07.04 16:08:47 | 000,138,056 | ---- | C] () -- V:\Users\*****\AppData\Roaming\PnkBstrK.sys [2009.11.13 14:16:58 | 000,076,407 | ---- | C] () -- V:\Users\*****\AppData\Roaming\Smiley.ico [2009.10.24 15:17:55 | 000,000,187 | ---- | C] () -- V:\Users\*****\AppData\Roaming\burnaware.ini [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- V:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- V:\Windows\System32\drivers\iKeyLFT2.dll [2009.09.05 01:44:26 | 000,139,128 | ---- | C] () -- V:\Windows\System32\drivers\PnkBstrK.sys [2009.09.04 22:56:54 | 000,281,760 | ---- | C] () -- V:\Windows\System32\drivers\atksgt.sys [2009.09.04 22:56:53 | 000,025,888 | ---- | C] () -- V:\Windows\System32\drivers\lirsgt.sys [2009.08.31 02:30:28 | 000,000,000 | ---- | C] () -- V:\Windows\OODCNT.INI [2009.08.30 17:29:56 | 000,000,065 | ---- | C] () -- V:\Windows\powerplayer.ini [2009.08.30 17:29:56 | 000,000,040 | ---- | C] () -- V:\Windows\psnetwork.ini [2009.08.26 19:22:01 | 000,722,416 | ---- | C] () -- V:\Windows\System32\drivers\sptd.sys [2009.08.26 15:51:59 | 000,000,178 | ---- | C] () -- V:\Users\*****\AppData\Roaming\Current.prx [2009.08.26 01:14:17 | 000,034,308 | ---- | C] () -- V:\Windows\System32\BASSMOD.dll [2009.08.24 06:29:54 | 000,043,008 | ---- | C] () -- V:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.24 02:49:05 | 000,082,289 | ---- | C] () -- V:\Windows\System32\lvcoinst.ini [2009.08.24 02:02:50 | 000,000,056 | -H-- | C] () -- V:\ProgramData\ezsidmv.dat [2009.08.23 19:05:28 | 000,008,268 | ---- | C] () -- V:\Users\*****\AppData\Local\d3d9caps.dat [2009.06.02 18:11:16 | 000,085,504 | ---- | C] () -- V:\Windows\System32\ff_vfw.dll [2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- V:\Windows\System32\xvidvfw.dll [2009.05.29 16:47:06 | 000,881,664 | ---- 
| C] () -- V:\Windows\System32\xvidcore.dll [2009.04.11 15:19:09 | 000,117,248 | ---- | C] () -- V:\Windows\System32\EhStorAuthn.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- V:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelFrench.dll [2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- V:\Windows\System32\ff_vfw.dll.manifest [2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- V:\Windows\System32\manage-bde.ini.en [2008.01.08 08:17:04 | 000,009,824 | ---- | C] () -- V:\Windows\System32\34CoInstaller.dll [2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- V:\Windows\System32\unrar.dll [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- V:\Windows\AviSplitter.INI [2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- V:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- V:\Windows\System32\pacerprf.ini [2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- V:\Windows\System32\OggDS.dll [2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- V:\Windows\System32\vorbisenc.dll [2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- V:\Windows\System32\vorbis.dll [2002.10.05 01:04:17 | 000,045,056 | ---- | C] () 
-- V:\Windows\System32\ogg.dll [1998.09.25 13:00:00 | 000,056,832 | ---- | C] () -- V:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2009.08.27 01:40:28 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\2K Sports [2009.08.27 01:46:09 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\DAEMON Tools Pro [2009.11.13 16:19:48 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\dBpoweramp [2009.11.30 23:03:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Downloaded Installations [2009.08.26 01:29:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\FlashFXP [2010.01.11 21:59:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\flightgear.org [2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Image Zone Express [2009.08.24 22:37:08 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\IrfanView [2009.10.30 17:30:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Leadertech [2010.08.31 22:56:41 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Molia [2009.09.16 22:44:33 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\OpenOffice.org [2009.08.30 02:26:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\PiX-ART.com [2010.03.21 16:10:23 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Playrix Entertainment [2009.08.30 17:29:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ppstream [2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Printer Info Cache [2009.08.27 17:31:16 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ProtectDisc [2010.09.30 17:45:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Qeocyl [2009.08.24 00:26:00 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Steganos VPN [2009.10.01 21:16:12 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\StreamTorrent [2009.08.30 02:06:50 | 000,000,000 | ---D | M] -- 
V:\Users\*****\AppData\Roaming\Summer Athletics 2009 [2010.01.25 20:22:26 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TAITO [2010.01.27 15:07:36 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TitanicMystery [2009.08.24 17:25:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TuneUp Software [2009.10.04 09:27:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Ubisoft [2009.08.27 18:46:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\UNOUndercover [2009.10.09 14:45:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\uTorrent [2009.08.25 02:06:13 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\VistaCodecs [2009.08.27 17:06:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Zylom [2010.09.29 23:27:54 | 000,032,582 | ---- | M] () -- V:\Windows\Tasks\SCHEDLGU.TXT [2009.08.24 02:01:58 | 000,000,204 | ---- | M] () -- V:\Windows\Tasks\{2034705D-2D06-4701-8766-5D6C9CE0234E}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.08.27 01:40:28 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\2K Sports [2009.11.13 15:51:47 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\AccurateRip [2010.01.22 17:59:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Adobe [2009.12.29 23:17:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Apple Computer [2009.08.27 01:46:09 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\DAEMON Tools Pro [2009.11.13 16:19:48 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\dBpoweramp [2009.11.30 23:03:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Downloaded Installations [2009.10.24 14:56:31 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\dvdcss [2009.08.26 01:29:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\FlashFXP [2010.01.11 21:59:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\flightgear.org [2010.09.23 18:33:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\HP [2009.08.27 17:06:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Identities [2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Image Zone Express [2009.09.04 21:32:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\InstallShield [2009.08.24 22:37:08 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\IrfanView [2009.10.30 17:30:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Leadertech [2009.08.23 19:14:12 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Macromedia [2010.09.30 17:37:28 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Malwarebytes [2009.08.25 01:39:53 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Media Player Classic [2010.02.26 21:11:36 | 000,000,000 | --SD | M] -- V:\Users\*****\AppData\Roaming\Microsoft [2009.08.26 01:26:59 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\mIRC [2010.08.31 22:56:41 | 000,000,000 | ---D 
| M] -- V:\Users\*****\AppData\Roaming\Molia [2010.09.15 18:31:03 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Mozilla [2009.09.16 22:44:33 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\OpenOffice.org [2009.08.30 02:26:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\PiX-ART.com [2010.03.21 16:10:23 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Playrix Entertainment [2009.08.30 17:29:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ppstream [2010.09.23 21:06:32 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Printer Info Cache [2009.08.27 17:31:16 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\ProtectDisc [2010.09.30 17:45:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Qeocyl [2009.10.31 16:59:21 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Real [2009.08.27 16:23:18 | 000,000,000 | RH-D | M] -- V:\Users\*****\AppData\Roaming\SecuROM [2009.08.24 05:59:58 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Skype [2009.08.24 02:02:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\skypePM [2009.08.24 00:26:00 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Steganos VPN [2009.10.01 21:16:12 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\StreamTorrent [2009.08.30 02:06:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Summer Athletics 2009 [2010.01.25 20:22:26 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TAITO [2009.08.25 21:28:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\teamspeak2 [2010.01.27 15:07:36 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TitanicMystery [2009.08.24 17:25:38 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TuneUp Software [2010.02.20 16:52:45 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\TVU Networks [2009.10.04 09:27:50 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Ubisoft 
[2009.08.27 18:46:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\UNOUndercover
[2009.10.09 14:45:30 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\uTorrent
[2009.08.25 02:06:13 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\VistaCodecs
[2010.09.07 10:29:18 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\vlc
[2009.08.24 23:23:27 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Winamp
[2009.08.23 21:30:37 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\WinRAR
[2009.08.27 17:06:05 | 000,000,000 | ---D | M] -- V:\Users\*****\AppData\Roaming\Zylom

< %APPDATA%\*.exe /s >
[2010.08.01 14:56:03 | 000,010,134 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\ARPPRODUCTICON.exe
[2010.08.01 14:56:03 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\NewShortcut1_3F5635E9FDB242208D4B17E0035994DA.exe
[2010.08.01 14:56:03 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\SC_stargame1_3F5635E9FDB242208D4B17E0035994DA.exe
[2009.08.27 20:48:58 | 000,006,766 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{DA399721-2D85-471E-A447-9CCD89A89CA8}\_18be6784.exe
[2009.08.27 20:48:58 | 000,007,078 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{DA399721-2D85-471E-A447-9CCD89A89CA8}\_294823.exe
[2009.08.27 20:48:58 | 000,006,766 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{DA399721-2D85-471E-A447-9CCD89A89CA8}\_4ae13d6c.exe
[2009.08.28 19:14:01 | 000,010,134 | R--- | M] () -- V:\Users\*****\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.08.31 22:56:41 | 000,115,712 | ---- | M] () -- V:\Users\*****\AppData\Roaming\Molia\epaps.exe
[2010.02.20 16:52:53 | 005,562,672 | ---- | M] (TVU networks) -- V:\Users\*****\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.4.9.1.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- V:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- V:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 15:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- V:\Windows\System32\drivers\atapi.sys
[2009.04.11 15:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- V:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 15:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- V:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- V:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- V:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- V:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- V:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- V:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.04.11 15:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- V:\Windows\explorer.exe
[2009.04.11 15:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- V:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: IASTORV.SYS >
[2008.01.21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- V:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- V:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- V:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- V:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 15:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- V:\Windows\System32\netlogon.dll
[2009.04.11 15:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- V:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- V:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- V:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- V:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- V:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.04.11 15:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- V:\Windows\System32\scecli.dll
[2009.04.11 15:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- V:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 15:19:29 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\user32.dll
[2009.04.11 15:19:29 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- V:\Windows\System32\userinit.exe
[2008.01.21 04:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- V:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\2K\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\SRV2003\x86\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\XP\x86\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\2K\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\SRV2003\x86\viamraid.sys
[2008.07.09 20:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\XP\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\VISTA\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2008.09.26 16:38:50 | 000,137,880 | ---- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\VISTA\x86\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_hyperionpro_524a\via_hyperionpro_524a\VRAIDDrv\NT4\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2007.12.19 19:02:18 | 000,117,872 | ---- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- V:\Users\*****\Documents\DriverGenius\Temp\via_vraid_580g\via_vraid_580g\VRAIDDrv\NT4\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2009.04.11 15:19:45 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- V:\Windows\System32\winlogon.exe
[2009.04.11 15:19:45 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- V:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:22:55 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- V:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:22:55 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- V:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.26 19:22:02 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- V:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.04.11 16:14:01 | 025,030,656 | ---- | M] () -- V:\Windows\System32\config\COMPONENTS.SAV
[2009.04.11 16:13:38 | 000,106,496 | ---- | M] () -- V:\Windows\System32\config\DEFAULT.SAV
[2009.04.11 16:14:01 | 000,020,480 | ---- | M] () -- V:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- V:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- V:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\dxtrans.dll
[2010.05.04 07:55:41 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\iepeers.dll
[2009.04.11 15:19:41 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\rsaenh.dll
[2009.04.11 15:19:39 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- V:\Windows\System32\SLC.dll
[1 V:\Windows\system32\*.tmp files -> V:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> V:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 133 bytes -> V:\ProgramData\TEMP:4E9307D7

< End of report >

Here are the Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 30.09.2010 17:44:28 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = V:\Users\*****\Documents
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = V: | %SystemRoot% = V:\Windows | %ProgramFiles% = V:\Program Files
Drive C: | 148,07 Gb Total Space | 98,42 Gb Free Space | 66,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 100,01 Gb Total Space | 20,38 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive V: | 50,01 Gb Total Space | 10,70 Gb Free Space | 21,40% Space Free | Partition Type: NTFS

Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- V:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- V:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- V:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "V:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "V:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "V:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "V:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "V:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "V:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-792815470-2588575354-2298569724-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"V:\Program Files\FlashFXP\FlashFXP.exe" = V:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (Copyright ® 1998-2007 =NF=LOVE[BCG][DFCG][YYePG])

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"V:\Program Files\FlashFXP\FlashFXP.exe" = V:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (Copyright ® 1998-2007 =NF=LOVE[BCG][DFCG][YYePG])
"V:\Program Files\PPStream\PPStream.exe" = V:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0DE62C-B2A4-40FC-BD6A-C1632628E33D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3EE3C05C-A203-4198-BEBF-ABDE17C3F9CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4A152DD9-2463-4410-8B76-32C311EB7EC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FD71418-4CEE-4E66-AD44-623D9EC46D84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5C3CF249-16BB-4809-A8C0-43A4E081634F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6117CC19-1786-4D03-A93F-11CF7F72708C}" = lport=138 | protocol=17 | dir=in | app=system |
"{63528080-76F7-4D31-A99F-A47C26407613}" = lport=137 | protocol=17 | dir=in | app=system |
"{70CD1615-9B08-4585-9FF8-E56286484D31}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E8099CF-1A95-46D6-A5B0-0DE17D74B454}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3D6C176-F656-4979-BF20-AC2A248C352B}" = lport=139 | protocol=6 | dir=in | app=system |
"{C6E0CE2D-B95B-48C0-A1F7-670BCD09A438}" = rport=445 | protocol=6 | dir=out | app=system |
"{DEFDD4FA-77C8-4537-A826-30412F8F1549}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16DA6DE4-C11F-492B-AF3A-0DD5836DCDCA}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zsd9bb.tmp\symnrt.exe |
"{1D20E2A4-854F-43AF-A5B1-9E616F0A0AC3}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zs8c95.tmp\symnrt.exe |
"{1EE88C4D-EECB-449E-98F7-054B023E54E2}" = protocol=17 | dir=in | app=v:\program files\itunes\itunes.exe |
"{1F346170-AB7C-4992-8DC6-1866341A4458}" = protocol=17 | dir=in | app=h:\spiele\age of empires iii\age3x.exe |
"{21C83165-7783-4C2B-88BA-25C53F1F9950}" = protocol=6 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{257CED63-0FE4-4537-8CB5-35922FA25D10}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zse5cc.tmp\symnrt.exe |
"{2C431F36-2C55-499E-AF97-F7C8B8C98840}" = protocol=6 | dir=in | app=h:\spiele\anno 1404\tools\anno4web.exe |
"{3063136E-7CE8-40C3-82FC-1310A392B4B1}" = protocol=17 | dir=in | app=v:\windows\system32\pnkbstra.exe |
"{34B02595-5456-4AEC-93DA-9AD84346B210}" = dir=in | app=v:\program files\windows live\messenger\wlcsdk.exe |
"{36856E12-99FD-482C-B466-C1C817C7AE30}" = protocol=6 | dir=in | app=v:\windows\system32\pnkbstrb.exe |
"{37B5AD85-853B-4137-87BD-281B1B9E5340}" = protocol=17 | dir=in | app=v:\windows\system32\pnkbstrb.exe |
"{3AC6B995-BC18-4390-884B-6AA853E4A296}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F324F6A-7535-4F35-99C0-357F8DA5D653}" = protocol=6 | dir=in | app=h:\spiele\age of empires iii\age3x.exe |
"{5103F4F5-1699-4468-BAD5-6F94D6DA2F4A}" = protocol=17 | dir=in | app=h:\spiele\anno 1404\tools\anno4web.exe |
"{6B3227FA-49EB-447F-8975-76E57F425EEA}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zsd9bb.tmp\symnrt.exe |
"{7BCB1FBE-31E2-4325-AED1-6AE00A644D7B}" = protocol=17 | dir=in | app=h:\spiele\call of duty 5\codwawmp.exe |
"{81B140B0-E8D0-46CA-B66A-529038B9C6C8}" = protocol=17 | dir=in | app=h:\spiele\age of empires iii\age3y.exe |
"{91C4ABAC-D7FA-4ED1-BE03-50C4F4B640AF}" = protocol=6 | dir=in | app=h:\spiele\anno 1404\anno4.exe |
"{9252FFA5-6DC7-4161-83C0-7701847AC1B6}" = protocol=6 | dir=in | app=v:\program files\itunes\itunes.exe |
"{955EB99E-589A-426A-A4CF-86844F7F56BA}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zs8c95.tmp\symnrt.exe |
"{98573E04-92E4-4A56-A2DE-405B53AEA435}" = protocol=17 | dir=in | app=h:\spiele\call of duty 5\codwaw.exe |
"{9BEBF44F-2AFE-4385-BBA1-52556938F676}" = protocol=6 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{9D4A94D8-AA91-454A-8567-71325A3AF853}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A07E009F-81C5-4746-A1F8-C31D027C2FFA}" = protocol=17 | dir=in | app=h:\spiele\anno 1404\anno4.exe |
"{A0A6FBA5-4640-4A6F-B2F9-3FC4311904DB}" = protocol=6 | dir=in | app=v:\windows\system32\pnkbstra.exe |
"{B1BD6F3B-862E-4C0E-803F-C82B6945BF21}" = protocol=6 | dir=in | app=h:\spiele\call of duty 5\codwawmp.exe |
"{C107C03B-1C0E-4BA9-9C36-BBEF38D45209}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C8A3E3BE-424F-4AC1-AAFF-A6399E6FA674}" = protocol=6 | dir=in | app=h:\spiele\call of duty 5\codwaw.exe |
"{CD0B50D4-312C-4451-AFF5-99C97E9AF679}" = protocol=17 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{CFD3A840-1CA7-41BD-B8D0-0A4F508D2793}" = dir=in | app=v:\program files\skype\phone\skype.exe |
"{D2F4D1BA-A04C-4E75-9CC9-EEF2D08E3B66}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zs1bfb.tmp\symnrt.exe |
"{D829C7E9-7298-4150-86C8-5B7B81AB6021}" = protocol=17 | dir=in | app=v:\program files\logitech\logitech vid\vid.exe |
"{E01D00D1-3E86-45EC-AF4C-E1BAC4D934EA}" = protocol=6 | dir=in | app=h:\spiele\age of empires iii\age3y.exe |
"{EA775DD5-0E04-49EA-9AA4-6122668D0698}" = dir=in | app=v:\program files\windows live\messenger\msnmsgr.exe |
"{F4399AB5-1E17-4752-A658-4B8C798415E8}" = protocol=6 | dir=in | app=v:\users\*****\appdata\local\temp\7zs1bfb.tmp\symnrt.exe |
"{FEDE0A15-3017-4A6F-A5E2-62957E77D528}" = protocol=17 | dir=in | app=v:\users\*****\appdata\local\temp\7zse5cc.tmp\symnrt.exe |
"{FF04E7E2-052F-4F31-A252-6245989401B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{024FF662-77A3-4F93-831C-C4C3B90ACE7B}V:\windows\explorer.exe" = protocol=6 | dir=in | app=v:\windows\explorer.exe |
"TCP Query User{2C651D60-C994-4AE0-BBF0-D9CC228E2D28}V:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=v:\windows\system32\taskeng.exe |
"TCP Query User{2DF373FB-98C2-46E5-8FE5-17EE8618E724}V:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=v:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{37E197DD-55FD-415E-A8CF-748810C872F9}V:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=v:\windows\system32\taskeng.exe |
"TCP Query User{56879598-98DB-4A58-B941-02BCDFB572ED}V:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\java.exe |
"TCP Query User{5D6CDACC-421F-4DEF-9140-FFEC4E3A7172}V:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=v:\program files\sopcast\sopcast.exe |
"TCP Query User{6077FAA9-166A-4A49-95AE-9CD86CCAE6BF}H:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe" = protocol=6 | dir=in | app=h:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe |
"TCP Query User{7495A94D-A4E4-4302-BFAC-A499FE85310D}V:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8AF7A5F5-DF3C-4C8F-AA51-000FC3573222}V:\mirc\mirc.exe" = protocol=6 | dir=in | app=v:\mirc\mirc.exe |
"TCP Query User{B0482D8B-F69B-45E9-AD94-D1A29DF37ED8}V:\windows\explorer.exe" = protocol=6 | dir=in | app=v:\windows\explorer.exe |
"TCP Query User{D8B0D74F-5788-4A2F-BA88-6973665D4AB5}V:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1D320529-D6C2-4304-9E2F-818A22D16609}V:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=v:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{1F327155-7A29-47F2-B010-8CC4C3569A86}V:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=v:\program files\sopcast\sopcast.exe |
"UDP Query User{2F7FF759-3036-44EC-A1C8-2583F992C8DC}V:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{53EB9397-BED1-4124-9705-FFDFF34DA84D}V:\windows\explorer.exe" = protocol=17 | dir=in | app=v:\windows\explorer.exe |
"UDP Query User{62330AEF-2F12-4176-9326-19D3EB08A0C5}V:\mirc\mirc.exe" = protocol=17 | dir=in | app=v:\mirc\mirc.exe |
"UDP Query User{796AB1BF-E996-4CA3-9C6B-6A332C512E21}V:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A5ADC64B-4D87-43FF-BBF2-8E0640746676}V:\windows\explorer.exe" = protocol=17 | dir=in | app=v:\windows\explorer.exe |
"UDP Query User{BB052967-6800-46A4-BC55-5203517DCE9A}V:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\java.exe |
"UDP Query User{BC6F2657-BF94-432F-8142-12C283ACB4A1}V:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=v:\windows\system32\taskeng.exe |
"UDP Query User{CD7BA219-B5C0-43A8-99B2-06F620FC33E0}V:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=v:\windows\system32\taskeng.exe |
"UDP Query User{DEB5772D-0338-48EC-BD98-0C9E92E58937}H:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe" = protocol=17 | dir=in | app=h:\spiele\die 15 beliebtesten kartenspiele\bin\cards.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F5635E9-FDB2-4220-8D4B-17E0035994DA}" = Panzer Elite Action MP Demo
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4E65796E-62E4-4EF7-9E1E-AADB7E0371CB}" = Eisenbahn.exe Professional 5.0 DEMO
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51AA8C3F-B316-44A8-B371-4BB6047E45DF}" = WSC Real 09
"{51FEEDB2-CE1E-474B-A0B3-DF1630FAE8F1}_is1" = Sprengmeister DEMO 1.3.11
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{79A8BCE9-88D4-408F-9F05-94EED5552836}" = 4x4 Hummer
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E3ADD7-AFDB-4FE5-B517-7FC6617D340E}" = Motorola Driver Installation 4.2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C488DA2-01C0-47A4-A4C9-7A1F82B819D9}" = Construction - Destruction
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D95F0670-EBA8-46B2-8ABE-9DDA2BC3DC7E}" = Philips SPC315NC Webcam
"{DA399721-2D85-471E-A447-9CCD89A89CA8}" = BahnsimPRO
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E21346-E070-40CE-A9A9-D5AB83722382}" = Steganos Internet Anonym VPN
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"BurnAware Free_is1" = BurnAware Free 2.4.1
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"CCleaner" = CCleaner
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Die 15 beliebtesten Kartenspiele_is1" = Die 15 beliebtesten Kartenspiele
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DSGPlayer" = SAT1 GAME CENTER
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{9C488DA2-01C0-47A4-A4C9-7A1F82B819D9}" = Construction - Destruction
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Invision 2.0 Build 3515" = Invision 2.0 Build 3515
"IrfanView" = IrfanView (remove only)
"Ironclads - Schleswig War Demo_is1" = Ironclads - Schleswig War Demo (version 1.3.0.11)
"IsoBuster_is1" = IsoBuster 2.8
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"OEMInformation" = OEM Logo and Information
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Panzer Simulator - 30 Minuten Demo" = Panzer Simulator - 30 Minuten Demo (entfernen)
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"PokerStars" = PokerStars
"PPStream_is1" = PPStream
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Proxifier_is1" = Proxifier version 2.8
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"RocketDock_is1" = RocketDock 1.3.5
"Shipsim2008" = Ship Simulator 2008
"Sky Fight_is1" = Sky Fight
"SopCast" = SopCast 3.2.4
"Spreng- und Abriss-Simulator (Demo)" = Spreng- und Abriss-Simulator (Demo)
"StreamTorrent 1.0" = Stream Torrent 1.0
"Summer Athletics 2009_is1" = Summer Athletics 2009
"Supreme Auction_is1" = Supreme Auction
"SystemRequirementsLab" = System Requirements Lab
"Tank Simulation Demo" = Tank Simulation Demo
"TankTime 3D MultiPlayer_is1" = TankTime 3D MultiPlayer 1.1
"THIV_is1" = The Hell in Vietnam
"TVUPlayer" = TVUPlayer 2.4.7.2
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Veetle TV" = Veetle TV 0.9.15
"Video mp3 Extractor_is1" = Video mp3 Extractor
"Virtual Railroad Professional 4.0 Demo" = Virtual Railroad Professional 4.0 Demo
"VLC media player" = VLC media player 1.0.1
"VueScan" = VueScan
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" =
Windows Live Essentials "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "World_Series_Of_Poker_1.0" = World Series Of Poker "xp-AntiSpy" = xp-AntiSpy 3.97-3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-792815470-2588575354-2298569724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Monopoly Deluxe" = Monopoly Deluxe "Seamulator 2009" = Seamulator 2009 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.09.2010 10:03:14 | Computer Name = *****-PC | Source = ESENT | ID = 215 Description = WinMail (1808) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 24.09.2010 12:02:53 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310 Description = Error - 24.09.2010 12:03:19 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310 Description = Error - 25.09.2010 04:09:32 | Computer Name = *****-PC | Source = ESENT | ID = 484 Description = WinMail (2468) WindowsMail0: Versuch, Ordner "V:\Users\*****\AppData\Local\Microsoft\Windows Mail\Backup\old" zu entfernen, ist mit Systemfehler 145 (0x00000091): "Das Verzeichnis ist nicht leer. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Entfernen von Ordnern. Error - 25.09.2010 04:09:32 | Computer Name = *****-PC | Source = ESENT | ID = 215 Description = WinMail (2468) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 28.09.2010 11:54:08 | Computer Name = *****-PC | Source = ESENT | ID = 484 Description = WinMail (5100) WindowsMail0: Versuch, Ordner "V:\Users\*****\AppData\Local\Microsoft\Windows Mail\Backup\old" zu entfernen, ist mit Systemfehler 145 (0x00000091): "Das Verzeichnis ist nicht leer. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Entfernen von Ordnern. 
Error - 28.09.2010 11:54:08 | Computer Name = *****-PC | Source = ESENT | ID = 215 Description = WinMail (5100) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 28.09.2010 17:40:40 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310 Description = Error - 28.09.2010 17:41:00 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310 Description = Error - 29.09.2010 17:27:48 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung MotoConnect.exe, Version 1.1.19.0, Zeitstempel 0x4b25e0ca, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037dd, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fbae, Prozess-ID 0x69c, Anwendungsstartzeit 01cb601d29a6468b. [ Media Center Events ] Error - 23.09.2010 09:28:57 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 23.09.2010 09:36:08 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 23.09.2010 12:36:53 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 24.09.2010 07:29:32 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 24.09.2010 08:29:16 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 24.09.2010 09:26:31 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 24.09.2010 16:02:30 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 25.09.2010 04:08:51 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 25.09.2010 05:31:59 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = Error - 28.09.2010 11:53:06 | Computer Name = *****-PC | Source = ehRecvr | ID = 4 Description = [ System Events ] Error - 13.02.2010 10:51:16 | Computer Name = *****-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät 
\Device\CdRom0. Error - 15.02.2010 03:06:10 | Computer Name = *****-PC | Source = volsnap | ID = 393245 Description = Die Schattenkopien von Volume "V:" wurde während der Ermittlung abgebrochen. Error - 15.02.2010 03:07:15 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 15.02.2010 06:41:55 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 15.02.2010 10:50:59 | Computer Name = *****-PC | Source = volsnap | ID = 393245 Description = Die Schattenkopien von Volume "V:" wurde während der Ermittlung abgebrochen. Error - 15.02.2010 10:53:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 16.02.2010 01:28:39 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 16.02.2010 15:02:20 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.02.2010 02:08:00 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.02.2010 11:15:14 | Computer Name = *****-PC | Source = volsnap | ID = 393245 Description = Die Schattenkopien von Volume "V:" wurde während der Ermittlung abgebrochen. 
[ TuneUp Events ] Error - 01.09.2010 15:28:24 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 02.09.2010 16:11:28 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.09.2010 07:55:19 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 05.09.2010 12:01:28 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.09.2010 12:09:59 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 07.09.2010 09:36:22 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.09.2010 09:23:38 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 10.09.2010 08:33:51 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 10.09.2010 13:18:00 | Computer Name = *****-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 10.09.2010 13:21:34 | Computer Name = *****-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report >
Here is the Malwarebytes logfile too:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4722 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 30.09.2010 17:47:03 mbam-log-2010-09-30 (17-47-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 150345 Laufzeit: 7 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{bb571243-db00-129a-d141-3b29754d5171} (Spyware.Zbot) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: V:\Users\Willi\AppData\Roaming\Molia\epaps.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
I was able to delete 2 files, but the actual problem still persists. :\
Last edited by clubb1ng (30.09.2010 at 17:09) |
30.09.2010, 17:14 | #4 |
/// Malware-holic |
Toolbars: toolbars should be uninstalled; they slow down the browser, pose an additional security risk and can spy on user data. Uninstall: MessengerPlusLive Germany TB Toolbar
Uninstall Spybot, it interferes with the cleanup; then restart. Spybot only brings updates once a week anyway and you already have enough other programs, so just leave it off for good. Ad-Aware can actually go too, since you will then have MBAM and Windows Defender.
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
SRV - (Boonty Games) -- V:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe File not found
DRV - (NwlnkFwd) -- V:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- V:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- V:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- V:\Windows\System32\drivers\EagleNT.sys File not found
O4 - HKU\S-1-5-21-792815470-2588575354-2298569724-1000..\Run: [{BB571243-DB00-129A-D141-3B29754D5171}] V:\Users\Willi\AppData\Roaming\Molia\epaps.exe ()
[2010.08.31 22:56:41 | 000,000,000 | ---D | M] -- V:\Users\Willi\AppData\Roaming\Molia
[2010.09.30 17:45:38 | 000,000,000 | ---D | M] -- V:\Users\Willi\AppData\Roaming\Qeocyl
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; post it. Open My Computer, c:\_OTL, right-click "moved files" and add it to moved files.rar or zip. Upload the archive to us. http://www.trojaner-board.de/54791-a...ner-board.html |
30.09.2010, 17:39 | #5 |
| Thanks for the help. I have uninstalled the toolbar, as well as S&D & Ad-Aware. Here is the logfile, which appeared after the restart.
All processes killed ========== OTL ========== Service Boonty Games stopped successfully! Service Boonty Games deleted successfully! File V:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe File not found not found. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File V:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File V:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File V:\Windows\System32\DRIVERS\ipinip.sys File not found not found. Service EagleNT stopped successfully! Service EagleNT deleted successfully! File V:\Windows\System32\drivers\EagleNT.sys File not found not found. Registry value HKEY_USERS\S-1-5-21-792815470-2588575354-2298569724-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{BB571243-DB00-129A-D141-3B29754D5171} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB571243-DB00-129A-D141-3B29754D5171}\ not found. File V:\Users\*****\AppData\Roaming\Molia\epaps.exe not found. V:\Users\*****\AppData\Roaming\Molia folder moved successfully. V:\Users\*****\AppData\Roaming\Qeocyl folder moved successfully.
========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Gast User: Public User: ***** ->Flash cache emptied: 6264 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 49661 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Public User: ***** ->Temp folder emptied: 553505057 bytes ->Temporary Internet Files folder emptied: 523809 bytes ->Java cache emptied: 116017202 bytes ->FireFox cache emptied: 44022141 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 95748561 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95689 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes RecycleBin emptied: 4369088 bytes Total Files Cleaned = 777,00 mb OTL by OldTimer - Version 3.2.14.1 log created on 09302010_182915 Files\Folders moved on Reboot... File\Folder V:\Windows\temp\logishrd\LVPrcInj01.dll not found! Registry entries deleted on Reboot... ------------
I have uploaded MovedFiles.rar in the upload channel. Regards, Dennis |
30.09.2010, 17:48 | #6 |
/// Malware-holic | Hi, I see you have used Malwarebytes; post the log, which can be found under "log files". Do you actually do online banking or anything similar? Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
30.09.2010, 17:54 | #7 |
| Hi, yes, I used Malwarebytes; I had pasted the logfile in between above. Sorry, here it is again. Code:
Here is the Malwarebytes logfile too:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4722 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 30.09.2010 17:47:03 mbam-log-2010-09-30 (17-47-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 150345 Laufzeit: 7 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{bb571243-db00-129a-d141-3b29754d5171} (Spyware.Zbot) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: V:\Users\****\AppData\Roaming\Molia\epaps.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
Nothing like that either, really. My father really only plays PC games here and occasionally sends an e-mail and such. Why? Have you found something suspicious in that direction? I'll do the ComboFix log right now and post it shortly; it sounds like a good tool!! Regards, Dennis |
30.09.2010, 17:55 | #8 |
/// Malware-holic | Yes, a trojan that steals data, so if anything important is done on that PC, reinstalling from scratch would perhaps be best. |
30.09.2010, 18:22 | #9 | |
| Quote:
[Code] ComboFix logfile: Code:
ATTFilter ComboFix 10-09-29.04 - ***** 30.09.2010 19:06:12.1.2 - x86 ausgeführt von:: v:\users\*****\Desktop\# DOWNLOADS\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.exe v:\windows\system32\ui . ((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-30 )))))))))))))))))))))))))))))) . 2010-09-30 17:11 . 2010-09-30 17:11 -------- d-----w- v:\users\*****\AppData\Local\temp 2010-09-30 16:29 . 2010-09-30 16:32 -------- d-----w- V:\_OTL 2010-09-30 16:16 . 2010-09-30 16:16 2560 ----a-w- v:\windows\_MSRSTRT.EXE 2010-09-30 15:37 . 2010-09-30 15:37 -------- d-----w- v:\users\*****\AppData\Roaming\Malwarebytes 2010-09-30 15:37 . 2010-04-29 10:19 38224 ----a-w- v:\windows\system32\drivers\mbamswissarmy.sys 2010-09-30 15:37 . 2010-09-30 15:37 -------- d-----w- v:\programdata\Malwarebytes 2010-09-30 15:37 . 2010-09-30 15:37 -------- d-----w- v:\program files\Malwarebytes' Anti-Malware 2010-09-30 15:37 . 2010-04-29 10:19 20952 ----a-w- v:\windows\system32\drivers\mbam.sys 2010-09-23 19:06 . 2010-09-23 19:06 -------- d-----w- v:\users\*****\AppData\Roaming\Printer Info Cache 2010-09-23 19:06 . 2010-09-23 19:06 -------- d-----w- v:\users\*****\AppData\Roaming\Image Zone Express 2010-09-23 16:26 . 2010-09-23 16:26 -------- d-----w- v:\programdata\WEBREG 2010-09-23 16:26 . 2010-09-23 16:33 -------- d-----w- v:\users\*****\AppData\Roaming\HP 2010-09-23 16:25 . 2010-09-23 16:25 -------- d-----w- v:\programdata\HPSSUPPLY 2010-09-23 16:22 . 2010-09-23 16:22 -------- d-----w- v:\program files\Hewlett-Packard 2010-09-23 16:22 . 2010-09-23 16:22 -------- d-----w- v:\program files\Common Files\Hewlett-Packard 2010-09-23 16:22 . 2010-09-23 16:25 -------- d-----w- v:\program files\Common Files\HP 2010-09-23 16:18 . 2010-09-23 16:26 164302 ----a-w- v:\windows\hpoins19.dat 2010-09-23 16:18 . 2010-09-23 16:27 -------- d-----w- v:\programdata\HP 2010-09-23 16:17 . 
2007-03-13 19:50 26952 ----a-w- v:\windows\hpomdl19.dat 2010-09-20 22:04 . 2010-09-20 22:04 -------- d-----w- v:\program files\Conduit 2010-09-15 14:37 . 2010-09-15 14:37 -------- d-----w- v:\program files\XP TCPIP Repair 2010-09-10 14:39 . 2010-09-10 14:39 1079048 ----a-w- v:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-30 16:24 . 2009-08-29 15:48 -------- d-----w- v:\programdata\Lavasoft 2010-09-30 16:24 . 2009-08-29 15:48 -------- d-----w- v:\program files\Lavasoft 2010-09-30 16:23 . 2009-08-29 16:23 -------- d-----w- v:\programdata\Spybot - Search & Destroy 2010-09-30 15:40 . 2009-09-26 20:09 -------- d-----w- v:\program files\Google 2010-09-24 16:02 . 2009-08-29 17:56 -------- d-----w- v:\program files\Common Files\Adobe 2010-09-24 15:26 . 2009-09-16 20:44 1 ----a-w- v:\users\*****\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-23 16:25 . 2009-08-23 21:05 -------- d-----w- v:\program files\HP 2010-09-23 16:19 . 2006-11-02 10:25 86016 ----a-w- v:\windows\Inf\infstor.dat 2010-09-23 16:19 . 2006-11-02 10:25 51200 ----a-w- v:\windows\Inf\infpub.dat 2010-09-23 16:19 . 2006-11-02 10:25 143360 ----a-w- v:\windows\Inf\infstrng.dat 2010-09-20 22:06 . 2009-08-24 19:56 -------- d-----w- v:\programdata\Messenger Plus! 2010-09-20 22:03 . 2009-08-24 19:54 -------- d-----w- v:\program files\Messenger Plus! Live 2010-09-15 18:48 . 2009-08-23 22:24 -------- d-----w- v:\program files\Steganos Internet Anonym VPN 2010-09-15 18:46 . 2010-04-04 15:53 -------- d-sh--w- v:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-09-15 18:46 . 2009-08-23 17:21 -------- d-----w- v:\programdata\NVIDIA 2010-09-15 18:46 . 2009-08-23 17:14 -------- d-----w- v:\program files\SystemRequirementsLab 2010-09-15 18:46 . 
2009-08-23 21:00 -------- d--h--w- v:\program files\InstallShield Installation Information 2010-09-14 19:40 . 2009-08-24 17:15 -------- d-----w- v:\program files\CCleaner 2010-09-14 18:58 . 2009-08-24 15:25 -------- d-----w- v:\program files\TuneUp Utilities 2009 2010-09-14 18:53 . 2009-08-29 15:33 -------- d-----w- v:\programdata\Norton 2010-09-14 18:38 . 2009-08-29 15:32 -------- d-----w- v:\programdata\NortonInstaller 2010-09-07 08:29 . 2009-08-25 15:36 -------- d-----w- v:\users\*****\AppData\Roaming\vlc 2010-08-26 11:39 . 2009-04-11 16:55 628430 ----a-w- v:\windows\system32\perfh007.dat 2010-08-26 11:39 . 2009-04-11 16:55 126236 ----a-w- v:\windows\system32\perfc007.dat 2010-08-20 14:23 . 2010-08-20 14:23 -------- d-----w- v:\program files\City Interactive 2010-08-17 17:42 . 2010-08-17 17:42 -------- d-----w- v:\program files\MyRealGames.com 2010-08-07 18:27 . 2010-08-07 18:27 -------- d-----w- v:\program files\prophetsoft 2010-08-03 18:41 . 2010-08-03 18:41 0 ---ha-w- v:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-08-02 16:15 . 2010-07-29 16:14 -------- d-----w- v:\program files\Panzer Simulator - 30 Minuten Demo 2010-08-02 16:13 . 2009-08-26 22:18 -------- d-----w- v:\program files\AGEIA Technologies 2010-08-02 16:12 . 2010-08-02 16:12 -------- d-----w- v:\program files\Common Files\Wise Installation Wizard 2010-08-01 12:56 . 2010-08-01 12:56 53248 ----a-r- v:\users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\SC_stargame1_3F5635E9FDB242208D4B17E0035994DA.exe 2010-08-01 12:56 . 2010-08-01 12:56 53248 ----a-r- v:\users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\NewShortcut1_3F5635E9FDB242208D4B17E0035994DA.exe 2010-08-01 12:56 . 2010-08-01 12:56 10134 ----a-r- v:\users\*****\AppData\Roaming\Microsoft\Installer\{3F5635E9-FDB2-4220-8D4B-17E0035994DA}\ARPPRODUCTICON.exe 2010-07-17 18:02 . 
2010-06-15 16:10 1024 ----a-w- v:\programdata\BVRP Software\mobile PhoneTools\faxres.cmd 2010-07-05 14:51 . 2009-09-04 23:44 139128 ----a-w- v:\windows\system32\drivers\PnkBstrK.sys 2010-07-05 14:51 . 2009-09-04 23:44 215128 ----a-w- v:\windows\system32\PnkBstrB.exe 2010-07-04 20:55 . 2009-08-23 17:05 8268 ----a-w- v:\users\*****\AppData\Local\d3d9caps.dat 2010-07-04 15:51 . 2010-07-04 15:51 552 ----a-w- v:\users\*****\AppData\Local\d3d8caps.dat 2010-07-04 14:10 . 2009-09-04 23:44 75064 ----a-w- v:\windows\system32\PnkBstrA.exe 2010-07-04 14:08 . 2010-07-04 14:08 138056 ----a-w- v:\users\*****\AppData\Roaming\PnkBstrK.sys 2010-07-04 14:08 . 2010-07-04 14:08 138056 ----a-w- v:\users\*****\AppData\Roaming\PnkBstrK.sys 2010-07-04 14:08 . 2010-07-04 14:08 2434856 ----a-w- v:\windows\system32\pbsvc_bc2.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="v:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704] "msnmsgr"="v:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-08-24 3883840] "WMPNSCFG"="v:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "ehTray.exe"="v:\windows\ehome\ehTray.exe" [2008-01-21 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="v:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792] "OODefragTray"="v:\windows\system32\oodtray.exe" [2008-09-04 2524416] "LogitechQuickCamRibbon"="v:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "NvSvc"="v:\windows\system32\nvsvc.dll" [2007-06-16 86016] "NvCplDaemon"="v:\windows\system32\NvCpl.dll" [2007-06-16 8466432] "NvMediaCenter"="v:\windows\system32\NvMcTray.dll" [2007-06-16 81920] "HP Software Update"="v:\program files\HP\HP Software Update\HPWuSchd2.exe" 
[2006-12-10 49152] v:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - v:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-792815470-2588575354-2298569724-1000] "EnableNotificationsRef"=dword:00000001 R0 Lbd;Lbd;v:\windows\system32\DRIVERS\Lbd.sys [x] R2 AVPNStarter;Steganos Anonym VPN Starter Service;v:\program files\Steganos Internet Anonym VPN\AVPNStarter.exe [2009-01-05 21504] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;v:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);v:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 133104] R3 WDC_SAM;WD SCSI Pass Thru driver;v:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;v:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;v:\windows\system32\Drivers\sptd.sys [2009-08-26 722416] S2 acedrv11;acedrv11;v:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544] S2 MotoConnect Service;MotoConnect Service;v:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2009-12-14 92928] S3 3xHybrid;Philips SAA713x PCI Card;v:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368] S3 tapavpn;Steganos Anonym VPN 
Adapter;v:\windows\system32\DRIVERS\tapavpn.sys [2007-10-19 24320] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 15:23 38400 ----a-w- v:\windows\System32\SoundSchemes.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 08:50 30720 ----a-w- v:\windows\System32\soundschemes2.exe . Inhalt des "geplante Tasks" Ordners 2010-09-30 v:\windows\Tasks\GoogleUpdateTaskMachineCore.job - v:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 20:08] 2010-09-30 v:\windows\Tasks\GoogleUpdateTaskMachineUA.job - v:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 20:08] 2009-08-24 v:\windows\Tasks\{2034705D-2D06-4701-8766-5D6C9CE0234E}.job - v:\program files\Skype\Phone\Skype.exe [2009-07-16 11:20] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ LSP: %SystemRoot%\system32\PrxerDrv.dll FF - ProfilePath - v:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\yf15we85.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719325&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - google.de FF - plugin: v:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: v:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: v:\program files\Veetle\Player\npvlc.dll FF - plugin: v:\program files\Veetle\plugins\npVeetle.dll FF - plugin: v:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: v:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - plugin: v:\windows\system32\TVUAx\npTVUAx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - v:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false v:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); v:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); v:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-Monopoly Deluxe - h:\spiele\Monopoly2\Monopoly Deluxe\GameInstlr.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-30 19:11 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-792815470-2588575354-2298569724-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:e0,d3,f8,ff,1e,7a,a0,34,e9,e7,9d,61,7c,d9,17,68,87,29,08,50,6e,52,db, fb,d0,82,aa,63,27,59,fa,b1,d3,b7,3b,70,a8,77,00,d0,13,fc,e0,f6,aa,67,93,56,\ "??"=hex:f4,21,c1,5a,54,86,41,09,f6,cd,22,86,5e,3c,20,f0 [HKEY_USERS\S-1-5-21-792815470-2588575354-2298569724-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:9a,6d,c5,8b,15,7c,7b,8e,4f,ef,ad,e4,14,54,58,77,f9,db,4a,8f,dc, cc,25,fa,ca,79,c6,1a,47,08,ec,99,d0,e9,2a,46,dc,4f,4d,66,a3,52,12,f7,1a,d6,\ "rkeysecu"=hex:9f,cb,91,12,08,ea,67,33,f1,85,d1,81,a6,c8,1f,99 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="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" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Completion time: 2010-09-30 19:14:57
ComboFix-quarantined-files.txt 2010-09-30 17:14

Pre-Run: 10 directories, 11,874,267,136 bytes free
Post-Run: 13 directories, 11,598,757,888 bytes free

- - End Of File - - 71A9AE47D41F8FBB7831F6D4E48F7265

Maybe there is a chance to remove the culprit. :\

Oh, and do you perhaps have an idea how I can correctly remove these 3 entries from the HijackThis log without LSP-Fix? LSP-Fix says "No Problems Found":

O10 - Unknown file in Winsock LSP: v:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: v:\windows\system32\prxerdrv.dll

Regards, Dennis |
30.09.2010, 18:29 | #10 |
/// Malware-holic | Run the ESET online scan and post the result. Free ESET Online Antivirus Scanner |
30.09.2010, 19:01 | #11 |
| OK, I am scanning and am at 59% now; two infected files have been found so far. The log will follow as soon as the scan finishes. //edit: Here is the ESET logfile: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=57c86c0509cb8243bb99aca9dd2b4c90
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-30 06:40:24
# local_time=2010-09-30 08:40:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 19640674 19640674 0 0
# compatibility_mode=5892 16776574 100 91 1291541 123400783 0 0
# compatibility_mode=8192 67108863 100 0 98 98 0 0
# scanned=305535
# found=4
# cleaned=4
# scan_time=4096
C:\asdadsadsa.exe\asdadsadsa.exe	a variant of Win32/Kryptik.GPR trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Programme\VistaCodecPack\Tools\renderer32.exe	Win32/Packed.Autoit.E.Gen application (deleted - quarantined)	00000000000000000000000000000000	C
V:\Program Files\FlashFXP\FlashFXP.exe	probably a variant of Win32/TrojanDropper.Delf.FIXUUTB trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
V:\Program Files\VistaCodecPack\Tools\renderer32.exe	Win32/Packed.Autoit.E.Gen application (deleted - quarantined)	00000000000000000000000000000000	C

Last edited by clubb1ng (30.09.2010 at 19:49) |
30.09.2010, 19:51 | #12 |
/// Malware-holic | Do you have 2 Windows installations? Both look infected; you should perhaps think about reinstalling from scratch, since you also have 2 different, not exactly harmless trojans on board. |
30.09.2010, 20:20 | #13 |
| Yes, I have two Windows installations. Which trojans are still present? And do you know how I fix the 3 entries in the Winsock LSP? Regards, Dennis |
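Added example for the question left open in this thread (how to find and clear the three O10 Winsock LSP entries). This is an editor-written script, not from the thread, HijackThis, LSP-Fix, ComboFix or ESET. It parses the output of `netsh winsock show catalog`, which lists every registered base/layered service provider and name-space provider together with its DLL path, and flags providers whose DLL is not on a short allow-list of Microsoft-shipped Winsock DLLs (the allow-list is an assumption for Vista/7 and must be adjusted per Windows version; a legitimate third-party LSP, e.g. from a firewall product, will also be flagged and has to be judged by hand) or whose file no longer exists on disk. The `-UseSample` switch feeds a constructed catalog excerpt that merely resembles what the poster's machine would print, with PrxerDrv.dll and prxernsp.dll in it; the `-Reset` switch runs the standard repair `netsh winsock reset`.

```powershell
# Added example (not from the thread or any tool it mentions).
# Lists Winsock catalog providers, flags non-Microsoft or missing DLLs and
# optionally runs the standard repair. Run from an elevated PowerShell prompt:
#   .\Check-WinsockLsp.ps1            # inspect the live catalog
#   .\Check-WinsockLsp.ps1 -UseSample # offline demo with constructed data
#   .\Check-WinsockLsp.ps1 -Reset     # inspect, then netsh winsock reset
param([switch]$Reset, [switch]$UseSample)

# Microsoft-shipped Winsock provider DLLs on Vista/7 (ASSUMPTION: adjust for
# your Windows version; anything not listed is reported for manual review).
$KnownGood = @('mswsock.dll', 'winrnr.dll', 'nlaapi.dll', 'napinsp.dll',
               'pnrpnsp.dll', 'wshbth.dll', 'rsvpsp.dll')

function Get-WinsockProviderPaths {
    param([string[]]$CatalogText)
    # netsh output is localized ("Provider Path:" / "Anbieterpfad:"), so key on
    # a value ending in .dll instead of the label. %SystemRoot% is expanded so
    # the on-disk check below works.
    $CatalogText | ForEach-Object {
        if ($_ -match '^\s*[^:]+:\s*(.+\.dll)\s*$') {
            [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
        }
    } | Sort-Object -Unique
}

function Find-SuspiciousLsp {
    param([string[]]$ProviderPaths)
    foreach ($p in $ProviderPaths) {
        $name    = [IO.Path]::GetFileName($p).ToLowerInvariant()
        $reasons = @()
        if ($KnownGood -notcontains $name)    { $reasons += 'not a Microsoft Winsock DLL' }
        if (-not (Test-Path -LiteralPath $p)) { $reasons += 'file missing on disk' }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{ Path = $p; Reason = ($reasons -join '; ') }
        }
    }
}

# CONSTRUCTED sample resembling netsh output on the poster's machine; the
# descriptions are placeholders, only the two DLL names come from the thread.
$SampleText = @'
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        (constructed placeholder)
Provider Path:                      %SystemRoot%\system32\PrxerDrv.dll

Name Space Provider Entry
------------------------------------------------------
Description:                        (constructed placeholder)
Provider Path:                      %SystemRoot%\system32\prxernsp.dll
'@
$Sample = $SampleText -split "`r?`n"

$catalog = if ($UseSample) { $Sample } else { netsh winsock show catalog }
$paths   = @(Get-WinsockProviderPaths $catalog)

"Registered Winsock provider DLLs:"
$paths | ForEach-Object { "  $_" }

$bad = @(Find-SuspiciousLsp $paths)
if ($bad.Count -eq 0) { "No unexpected providers found."; return }

"Suspicious providers:"
$bad | Format-Table -AutoSize Path, Reason

if ($Reset) {
    # Rebuilds the catalog from Windows defaults: every LSP, good or bad, is
    # unregistered, and a reboot is required before networking is consistent.
    # Delete the flagged DLLs only after the reset, never before.
    netsh winsock reset
} else {
    "Run again with -Reset (elevated) to execute 'netsh winsock reset', then reboot."
}
```

The reason to prefer `netsh winsock reset` over deleting the O10 lines or the DLLs one at a time is that LSPs are chained: each layered provider's catalog entry references the provider beneath it, so removing a DLL or a single entry without rewriting the chain leaves dangling references and typically breaks all socket use, which is exactly the "no downloads possible" symptom. The reset rewrites the whole catalog from the Windows defaults, after which the flagged files can be removed from `system32`. Note that LSP-Fix reporting "No Problems Found" only means the chain is internally consistent, not that the providers in it are trustworthy.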