Pests of all kinds and how to fight them: Several trojans such as Bubnix.ZM, Bubnix.abd.1, Bredolab.AA.312 :-(

If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
12.10.2010, 10:09 | #1
Several trojans such as Bubnix.ZM, Bubnix.abd.1, Bredolab.AA.312 :-(

Hello, I urgently need your help. My virus scanner AntiVir keeps reporting the trojans named above, but apparently cannot delete them. Various other programs did not help either, and some of them did not even detect them. I do know a bit about computers in general, but not about viruses and trojans, since I have never really had a problem with them before. I hope you can help me, otherwise I will probably have to reinstall Windows.

Regards

Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4799

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12.10.2010 11:58:50
mbam-log-2010-10-12 (11-58-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132184
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\mqysda.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\ptqdjtpa.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Sascha\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

The defogger_disable.log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:02 on 12/10/2010 (Sascha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU\DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read mqysda.sys
Unable to read ptqdjtpa.sys
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Gmer.txt (GMER Logfile):

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-12 12:51:13
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Sascha\AppData\Local\Temp\fwryqpog.sys

---- System - GMER 1.0.15 ----

SSDT 97709D1C ZwCreateThread
SSDT 97709D08 ZwOpenProcess
SSDT 97709D0D ZwOpenThread
SSDT 97709D17 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81EC9984 4 Bytes [1C, 9D, 70, 97] {SBB AL, 0x9d; JO 0xffffffffffffff9b}
.text ntkrnlpa.exe!KeSetEvent + 3F2 81EC9B55 3 Bytes [9D, 70, 97] {POPF ; JO 0xffffffffffffff9a}
.text ntkrnlpa.exe!KeSetEvent + 40D 81EC9B70 4 Bytes [0D, 9D, 70, 97]
.text ntkrnlpa.exe!KeSetEvent + 621 81EC9D84 4 Bytes [17, 9D, 70, 97] {POP SS; POPF ; JO 0xffffffffffffff9b}
? System32\Drivers\mqysda.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
? System32\Drivers\ptqdjtpa.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E009000, 0x31BA76, 0xE8000020]
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9B14569D]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9B14A300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9B18D300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxParamW 767210B0 5 Bytes JMP 7039BF9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxIndirectParamW 76722EF5 5 Bytes JMP 704DB4AA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxParamA 76738152 5 Bytes JMP 704DB46F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxIndirectParamA 7673847D 5 Bytes JMP 704DB4E5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxIndirectA 7674D4D9 5 Bytes JMP 704DB42B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxIndirectW 7674D5D3 5 Bytes JMP 704DB3E7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxExA 7674D639 5 Bytes JMP 704DB3AD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxExW 7674D65D 5 Bytes JMP 704DB373 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5472] ole32.dll!OleLoadFromStream 77B11E12 5 Bytes JMP 704DB6A7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8626D3B8

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] mqysda <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] ptqdjtpa <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\mqysda@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\mqysda@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mqysda@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mqysda@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@{29f203b9-63e0-631b-40af-f935e85f67c0} 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xD9 0xD2 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x3D 0xB2 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x7E 0xF7 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\mqysda@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\mqysda@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\mqysda@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\mqysda@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@{29f203b9-63e0-631b-40af-f935e85f67c0} 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xD9 0xD2 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x3D 0xB2 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0x7E 0xF7 0xA5 ...

---- EOF - GMER 1.0.15 ----

OTL.TXT (OTL Logfile):
OTL logfile created on: 12.10.2010 12:54:39 - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Sascha\Desktop\MFTools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,69 Gb Total Space | 56,42 Gb Free Space | 57,75% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 87,32 Gb Free Space | 45,98% Space Free | Partition Type: NTFS
Drive E: | 92,23 Gb Total Space | 42,42 Gb Free Space | 45,99% Space Free | Partition Type: NTFS

Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010.10.12 11:44:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\MFTools\OTL.exe
PRC - [2010.07.07 03:51:10 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.07.07 03:50:42 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.02.03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009.12.11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programme\Common Files\Teleca Shared\Generic.exe
PRC - [2009.11.19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009.09.29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009.09.29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009.09.29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009.09.29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.09.15 18:02:48 | 000,180,224 | ---- | M] (ROCCAT) -- C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE
PRC - [2009.08.04 18:31:56 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 18:31:54 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programme\Common Files\Teleca Shared\logger.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programme\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009.04.11 00:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 00:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.06 12:40:32 | 000,458,752 | ---- | M] (ROCCAT) -- C:\Programme\ROCCAT\Kone Mouse\OSD.exe
PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.11.21 13:17:02 | 000,017,408 | ---- | M] () -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
PRC - [2007.03.12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe

========== Modules (SafeList) ==========

MOD - [2010.10.12 11:44:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\MFTools\OTL.exe
MOD - [2010.10.08 12:06:07 | 000,050,688 | -H-- | M] () -- C:\Windows\System32\autoacls.dll
MOD - [2009.09.25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 00:28:24 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.04.11 00:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 00:28:20 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 00:28:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 00:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.04.11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 00:36:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.19 00:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.19 00:33:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.19 00:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.09.08 20:34:38 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.07 03:50:42 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe -- (DfSdkS)
SRV - [2009.08.04 18:31:56 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.21 13:17:02 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agp440.sys -- (agp440)
DRV - [2010.07.07 04:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.07.07 03:15:24 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.06 13:58:06 | 000,141,312 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2010.05.06 13:58:02 | 000,135,168 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010.05.06 13:57:58 | 000,185,344 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2010.05.06 11:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.03.29 11:58:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.03.29 11:58:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.03.04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.16 15:03:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.17 13:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.10 22:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.11 15:56:14 | 000,013,056 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Kone.sys -- (KoneFltr)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {5EB31FDD-1B05-4265-8276-1388F980ED55}:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {92878641-6D32-4FBE-AEC2-330ED6142AF7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{92878641-6D32-4FBE-AEC2-330ED6142AF7}: C:\Users\Sascha\AppData\Local\{92878641-6D32-4FBE-AEC2-330ED6142AF7} [2010.10.08 12:07:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 15:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 15:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.30 13:07:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.09.01 01:52:28 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions
[2010.09.01 01:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.12 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions
[2010.06.25 14:50:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.13 14:50:19 | 000,000,000 | ---D | M] (GutscheinFinder) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}
[2010.09.30 15:26:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.19 17:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.09 11:01:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.09.30 15:36:32 | 000,000,873 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\7gfi2xrg.default\searchplugins\conduit.xml
[2010.10.05 17:31:33 | 000,000,950 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\7gfi2xrg.default\searchplugins\icqplugin-1.xml
[2010.03.27 21:59:00 | 000,000,944 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\7gfi2xrg.default\searchplugins\icqplugin.xml
[2010.10.12 10:08:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.09.10 10:21:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 10:21:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.10 10:21:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.10 10:21:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.10 10:21:35 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.11 23:22:53 | 000,421,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14541 more lines...
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Kone] C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - 
C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: icarougc - (C:\Windows\system32\autoacls.dll) - C:\Windows\System32\autoacls.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: 
Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Sascha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Programme\ERUNT\AUTOBACK.EXE - () MsConfig - State: "bootini" - 2 Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.10.12 11:52:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.10.12 11:51:35 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.10.12 11:45:43 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Malwarebytes [2010.10.12 11:45:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.12 11:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.12 11:45:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.12 11:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.12 11:43:42 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\MFTools [2010.10.12 09:56:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.10.11 22:47:35 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.10.11 22:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.10.08 12:07:53 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{92878641-6D32-4FBE-AEC2-330ED6142AF7} [2010.09.30 15:26:43 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.09.30 15:26:42 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB [2010.09.29 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\MoveFab [2010.09.23 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2010.09.23 21:08:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.09.23 21:06:13 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll [2010.09.23 21:06:12 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2010.09.23 21:06:12 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2010.09.23 21:06:12 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL [2010.09.23 21:06:12 | 000,000,000 | ---D | C] -- C:\Programme\BRS [2010.09.23 21:04:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2010.09.23 21:03:59 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE [2010.09.15 21:01:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.09.14 10:41:18 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 8 [2010.09.01 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Kalypso Media [2010.09.01 20:43:10 | 000,000,000 | -H-D | C] -- C:\Windows\PIF [2010.09.01 20:43:06 | 000,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer [2010.08.30 12:49:49 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\2K Games [2010.08.30 11:46:51 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.08.21 13:11:20 | 000,185,344 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\System32\drivers\HDJAsioK.sys [2010.08.21 13:11:20 | 000,141,312 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\System32\drivers\HDJMidi.sys [2010.08.21 13:11:20 | 000,135,168 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\System32\drivers\HDJBulk.sys [2010.08.21 13:11:20 | 000,077,312 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\HerculesDJDevices.dll [2010.08.21 13:11:20 | 000,073,728 | ---- | C] (Hercules®) -- C:\Windows\System32\HDJAsioCpl.dll [2010.08.21 13:11:20 | 000,066,048 | ---- | C] (Hercules®) -- C:\Windows\System32\HDJAsiou.dll [2010.08.21 13:11:20 | 000,025,088 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) 
-- C:\Windows\System32\drivers\HDJCtrl.sys [2010.08.21 13:11:20 | 000,000,000 | ---D | C] -- C:\Programme\Guillemot [2010.08.21 13:11:19 | 000,380,928 | ---- | C] (Hercules(R)) -- C:\Windows\System32\HDJAPI.dll [2010.08.21 13:11:19 | 000,282,624 | ---- | C] (Hercules®) -- C:\Windows\System32\HDJSeries.cpl [2010.08.21 13:11:19 | 000,110,592 | ---- | C] (Hercules(R)) -- C:\Windows\System32\HRFDongle.dll [2010.08.21 13:11:19 | 000,073,728 | ---- | C] (Hercules(R)) -- C:\Windows\System32\HDJSAPI.dll [2010.08.21 13:07:23 | 000,000,000 | ---D | C] -- C:\Programme\Hercules [2010.08.19 12:18:20 | 000,000,000 | ---D | C] -- C:\Programme\MagicISO [2010.08.19 12:08:59 | 000,000,000 | ---D | C] -- C:\Programme\AnyToISO [2010.08.17 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Leadertech [2010.08.16 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\InstallShield [2010.08.16 17:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2010.07.31 12:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.07.31 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\StarCraft II [2010.07.31 11:38:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment [2010.07.31 11:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010.07.21 10:49:25 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\My Games [2010.07.21 10:49:25 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\My Games [2010.04.21 16:30:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sascha\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 90 Days ========== [2010.10.12 12:56:33 | 000,840,192 | ---- | M] () -- C:\Windows\System32\drivers\ptqdjtpa.sys [2010.10.12 12:56:32 | 000,565,248 | ---- | M] () -- C:\Windows\System32\drivers\mqysda.sys [2010.10.12 12:52:30 | 000,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2010.10.12 12:52:30 | 000,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.12 12:52:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.12 12:52:19 | 3211,845,632 | -HS- | M] () -- C:\hiberfil.sys [2010.10.12 12:03:05 | 000,000,176 | ---- | M] () -- C:\Users\Sascha\defogger_reenable [2010.10.12 11:51:35 | 000,000,733 | ---- | M] () -- C:\Users\Sascha\Desktop\NTREGOPT.lnk [2010.10.12 11:51:35 | 000,000,714 | ---- | M] () -- C:\Users\Sascha\Desktop\ERUNT.lnk [2010.10.12 11:45:25 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.12 11:44:44 | 000,284,915 | ---- | M] () -- C:\Users\Sascha\Desktop\Gmer.zip [2010.10.12 11:44:44 | 000,050,477 | ---- | M] () -- C:\Users\Sascha\Desktop\defogger.exe [2010.10.12 09:56:02 | 134,722,543 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.11 23:22:53 | 000,421,636 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.10.09 10:19:54 | 000,000,120 | ---- | M] () -- C:\Users\Sascha\AppData\Local\Nzarilekihibazu.dat [2010.10.09 10:19:54 | 000,000,000 | ---- | M] () -- C:\Users\Sascha\AppData\Local\Dbagaxuve.bin [2010.10.08 12:06:07 | 000,050,688 | -H-- | M] () -- C:\Windows\System32\autoacls.dll [2010.10.08 12:06:05 | 000,000,020 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\ldcpfk.dat [2010.10.07 11:02:18 | 000,012,115 | ---- | M] () -- C:\Users\Sascha\Documents\premiere widerruf.odt [2010.10.04 21:38:33 | 000,623,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.04 21:38:33 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.04 21:38:33 | 000,124,978 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.04 21:38:33 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.04 14:44:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.10.04 13:10:38 | 000,026,624 | ---- | M] () -- 
C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.23 21:06:12 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2010.09.23 21:06:12 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2010.09.14 09:17:20 | 000,087,608 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\inst.exe [2010.09.14 09:17:20 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Sascha\AppData\Roaming\pcouffin.sys [2010.09.14 09:17:20 | 000,007,887 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.cat [2010.09.14 09:17:20 | 000,001,144 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.inf [2010.09.11 08:29:48 | 000,000,000 | ---- | M] () -- C:\Windows\DbgOut.INI [2010.08.31 16:42:41 | 000,037,498 | ---- | M] () -- C:\Users\Sascha\Documents\cc_20100831_164235.reg [2010.08.21 13:14:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJAsioK_01009.Wdf [2010.08.21 13:13:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJBulk_01009.Wdf [2010.08.21 13:13:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.08.20 09:27:37 | 000,001,040 | ---- | M] () -- C:\Users\Sascha\Desktop\DVDVideoSoft Free Studio.lnk [2010.08.19 12:18:21 | 000,001,608 | ---- | M] () -- C:\Users\Sascha\Desktop\MagicISO.lnk [2010.08.11 20:15:03 | 000,248,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.31 11:45:53 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010.07.28 19:10:48 | 001,380,352 | ---- | M] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll ========== Files Created - No Company Name ========== [2010.10.12 12:10:05 | 000,293,376 | ---- | C] () -- C:\Users\Sascha\Desktop\gmer.exe [2010.10.12 12:02:55 | 000,000,176 | ---- | C] () -- C:\Users\Sascha\defogger_reenable [2010.10.12 11:51:35 | 000,000,733 | ---- | C] () 
-- C:\Users\Sascha\Desktop\NTREGOPT.lnk [2010.10.12 11:51:35 | 000,000,714 | ---- | C] () -- C:\Users\Sascha\Desktop\ERUNT.lnk [2010.10.12 11:45:25 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.12 11:44:07 | 000,050,477 | ---- | C] () -- C:\Users\Sascha\Desktop\defogger.exe [2010.10.12 11:43:47 | 000,284,915 | ---- | C] () -- C:\Users\Sascha\Desktop\Gmer.zip [2010.10.12 09:56:02 | 134,722,543 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.10.09 12:22:43 | 000,840,192 | ---- | C] () -- C:\Windows\System32\drivers\ptqdjtpa.sys [2010.10.08 12:07:55 | 000,000,120 | ---- | C] () -- C:\Users\Sascha\AppData\Local\Nzarilekihibazu.dat [2010.10.08 12:07:55 | 000,000,000 | ---- | C] () -- C:\Users\Sascha\AppData\Local\Dbagaxuve.bin [2010.10.08 12:06:40 | 000,565,248 | ---- | C] () -- C:\Windows\System32\drivers\mqysda.sys [2010.10.08 12:06:07 | 000,050,688 | -H-- | C] () -- C:\Windows\System32\autoacls.dll [2010.10.08 12:06:04 | 000,000,020 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\ldcpfk.dat [2010.10.07 11:02:15 | 000,012,115 | ---- | C] () -- C:\Users\Sascha\Documents\premiere widerruf.odt [2010.09.21 11:52:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.09.11 08:29:48 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2010.08.31 16:42:37 | 000,037,498 | ---- | C] () -- C:\Users\Sascha\Documents\cc_20100831_164235.reg [2010.08.21 13:14:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJAsioK_01009.Wdf [2010.08.21 13:13:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJBulk_01009.Wdf [2010.08.21 13:13:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.08.21 13:12:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2010.08.19 12:18:21 | 000,001,608 | ---- | C] () -- C:\Users\Sascha\Desktop\MagicISO.lnk [2010.08.16 17:28:25 | 
000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.08.16 17:28:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.08.16 17:28:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.08.16 17:28:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.08.16 17:28:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.08.16 17:28:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.08.16 17:28:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.08.16 17:28:25 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg [2010.08.16 17:28:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.08.16 17:28:25 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg [2010.08.16 17:28:25 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg [2010.08.16 17:28:25 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg [2010.08.16 17:28:25 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg [2010.08.16 17:28:25 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg [2010.08.16 17:28:25 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg [2010.08.16 17:28:25 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg [2010.08.16 17:28:25 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg [2010.08.16 17:28:25 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg [2010.08.16 17:28:25 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg [2010.08.16 17:28:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.08.16 17:28:25 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg [2010.08.16 17:28:25 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg [2010.08.16 
17:28:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.08.16 17:28:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.08.16 17:28:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.08.16 17:28:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.08.16 17:28:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.08.16 17:28:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.08.16 17:28:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.08.16 17:28:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.08.16 17:28:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.08.16 17:28:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.07.31 11:38:42 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2010.04.21 16:31:26 | 000,000,033 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.log [2010.04.21 16:30:33 | 000,087,608 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\inst.exe [2010.04.21 16:30:33 | 000,007,887 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.cat [2010.04.21 16:30:33 | 000,001,144 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.inf [2010.04.13 20:59:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.03.29 11:58:05 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.03.29 11:58:05 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.02.25 15:55:54 | 000,026,624 | ---- | C] () -- C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.18 14:47:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.16 14:57:33 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2010.02.16 11:04:02 | 
000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2010.02.16 11:04:02 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2010.02.16 11:04:01 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2010.02.16 11:04:01 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2010.02.16 10:59:26 | 000,034,961 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010.02.16 10:59:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2010.02.16 10:59:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.02.16 10:58:56 | 000,027,078 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.02.16 10:58:56 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2010.02.16 10:52:06 | 000,000,680 | ---- | C] () -- C:\Users\Sascha\AppData\Local\d3d9caps.dat [2009.12.11 21:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.03.07 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\CD-LabelPrint [2010.02.16 15:55:19 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DAEMON Tools Lite [2010.08.20 09:27:38 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.06 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\GrabIt [2010.08.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\ICQ [2010.09.01 20:45:37 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Kalypso Media [2010.08.17 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Leadertech [2010.09.29 19:03:00 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\MoveFab 
[2010.03.29 09:39:01 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Nokia [2010.02.16 16:08:40 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\OpenOffice.org [2010.03.03 11:48:41 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\PC Suite [2010.02.16 15:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\phonostar GmbH [2010.04.07 16:41:11 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Publish Providers [2010.02.16 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\ROCCAT [2010.04.07 16:41:12 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Sony [2010.06.29 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Teleca [2010.09.01 01:52:28 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Thunderbird [2010.03.29 11:30:49 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Ubisoft [2010.09.14 09:17:20 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Vso [2010.08.31 17:40:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.04.11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2010.02.16 10:42:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.10.12 12:52:19 | 3211,845,632 | -HS- | M] () -- C:\hiberfil.sys [2010.10.12 12:52:18 | 3525,439,488 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2010.02.18 
14:58:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.09.12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD86.DLL [2006.09.12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP86.DLL < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2010.02.18 14:39:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 00:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 00:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.19 
00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2010.02.16 14:20:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2010.02.16 14:20:47 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2010.02.16 14:20:46 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2010.02.16 14:45:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2010.02.16 14:45:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2010.02.16 14:20:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: WININIT.EXE > [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-12 08:02:39 < End of report > And the Extra.txt OTL logfile:
OTL Extras logfile created on: 12.10.2010 12:54:39 - Run 1 OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Sascha\Desktop\MFTools Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,69 Gb Total Space | 56,42 Gb Free Space | 57,75% Space Free | Partition Type: NTFS Drive D: | 189,92 Gb Total Space | 87,32 Gb Free Space | 45,98% Space Free | Partition Type: NTFS Drive E: | 92,23 Gb Total Space | 42,42 Gb Free Space | 45,99% Space Free | Partition Type: NTFS Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1035840019-467652792-3280127130-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B5BF35B-E4C2-4959-8AEE-BF7150DE17C8}" = 
protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{0EAEA6D1-D923-4B18-8AA9-AB04AA008BC0}" = protocol=6 | dir=in | app=d:\games\f1 2010\f1_2010_game.exe | "{170C3E5A-1DAD-452A-BAAE-9E55EA1C67D1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{22F80E7B-AFC2-4825-AB70-B183C6F918B0}" = protocol=17 | dir=in | app=d:\games\css\steam.exe | "{26C1F2B4-DFE3-4638-87D9-C75ABCFD49A1}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | "{29313932-185F-4E00-92C9-A2E7835ADA3A}" = protocol=6 | dir=in | app=d:\games\css\steam.exe | "{30BB3EE1-02C4-4023-8D9D-7E84C27A8D29}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{36751F8F-7F49-41F4-818C-9AE7C347872D}" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | "{53B8D56D-BCBD-426D-99F5-0D5BCE69CB54}" = protocol=17 | dir=in | app=d:\games\f1 2010\f1_2010_game.exe | "{562D4020-3BC2-410D-A33B-49581095282E}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{57435269-DCF8-4C68-B29A-25FEF0D7491F}" = protocol=17 | dir=in | app=d:\games\css\steamapps\pillepalle24\counter-strike source\hl2.exe | "{5F4ED45F-A4FD-481D-A1E5-6B058AB58B54}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6A52B2AE-11F5-4B47-A4AE-8A46822EF617}" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | "{6CA3D546-C1C6-43F4-BA26-A247C5DDE2CB}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{774DA7BB-E387-4C08-B6B4-ADDD19D5E88D}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | "{823DBF3F-B227-4A9F-972A-09F886E4EF03}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | "{84F0C3E5-98BC-446E-A903-3E0A77040CE1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{980224B6-3C4D-4EB0-860D-4B030F0A5E91}" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | 
"{A16283B5-3BF5-4AD1-8D52-6BD8889EAE78}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{A448F484-C375-4B04-807A-0F2BF9C88680}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C29AD39D-4FEC-4518-98FF-6CD4767BA4DD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{CD03A6B3-2F24-415E-A3F2-41E1293081A9}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{E229B609-42DF-4C18-A5F9-4B023B01CE3F}" = protocol=6 | dir=in | app=d:\games\css\steamapps\pillepalle24\counter-strike source\hl2.exe | "{E246D735-8936-4BEC-9AB8-FF0DE36BB02F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{E7E59E97-EEFA-4B2B-95B5-2C6CCD160A02}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "TCP Query User{0D95DF71-3754-4E45-824D-0968D24DC369}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=6 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe | "TCP Query User{0E63EDD2-C529-47E9-9A81-0D40ED0F5B89}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | "TCP Query User{1757AD76-941D-4B73-9827-279B021BA994}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{27EE65DA-DCF5-46D9-B659-F24CA9C15B2D}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{28F1FFB2-6FBD-4AE4-B32E-138A66155572}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4FF728D9-7E85-418C-ACBD-99BC6CAABCFC}D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=d:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "TCP Query User{6B10DA63-2C5F-489F-B116-E349D3F21908}D:\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in 
| app=d:\games\anno 1404\tools\anno4web.exe | "TCP Query User{89AD0920-1011-4759-8FAB-98D3F601DC71}D:\games\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | "TCP Query User{AB895804-226F-4DDF-BBEA-513F379A3E79}C:\program files\virtualdj\virtualdj_trial.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj_trial.exe | "TCP Query User{C5FD5A28-113E-4F87-B0F8-1CA45E6D6408}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{3901569E-7B1F-44DA-A9FE-AF1C2386C816}D:\games\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | "UDP Query User{44E56894-8CB7-4FB0-85BC-E2F3CFDD1DA6}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=17 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe | "UDP Query User{56893B09-F268-434F-81B3-53810CEEA7B5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{5B8481B8-75F9-4ACE-850C-785F7314CA04}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | "UDP Query User{7FF6C266-27E1-4A99-AB4E-D4E42A3AC6F7}D:\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe | "UDP Query User{8252016F-F821-4BE9-B8DE-4765A32844E5}C:\program files\virtualdj\virtualdj_trial.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj_trial.exe | "UDP Query User{86242732-D050-486B-8370-475BE9899AEA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{9FB220B9-CFC5-4B3C-B006-2BAFA00D2138}D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=d:\games\siedler 
7\data\base\_dbg\bin\release\settlers7r.exe | "UDP Query User{CA4ADF9E-E279-4C90-926B-0AFB9F9C8B87}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{FFBD28D8-5670-48F8-BE53-ECF6D26E2D75}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{125BA25B-8D21-4029-AA06-47C3AA327AA7}" = Browser Configuration Utility "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier 4 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers "{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5ABEEB79-8088-45AD-9CF1-DE72C059AD04}" = DJ Console MK2 Manuals "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy "{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English "{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver "{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game 
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AnyToISO_is1" = AnyToISO "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DivX Codec" = DivX Codec "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab 8_is1" = DVDFab 8.0.0.2 (23/08/2010) "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EA Download Manager" = EA Download Manager "EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series "ERUNT_is1" = ERUNT 1.1j "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube Download_is1" = Free YouTube Download 2.6 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "GutscheinFinder" = GutscheinFinder "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "Mafia II DLC Jimmy's Vendetta_is1" = Mafia II DLC Jimmy's Vendetta "Mafia II_is1" = Mafia II "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile 
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "OpenAL" = OpenAL "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "QuickPar" = QuickPar 0.9 "StarCraft II" = StarCraft II "Trillian" = Trillian "Uninstall_is1" = Uninstall 1.0.0.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "Winamp" = Winamp "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.10.2010 04:57:20 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 05:48:29 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 05:48:29 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 06:01:18 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 06:01:18 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 06:05:22 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 06:05:22 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 06:13:54 | Computer Name = Sascha-PC | Source = Perflib | ID = 1010 Description = Error - 12.10.2010 06:52:45 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.10.2010 06:52:45 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 12.08.2010 11:07:54 | Computer Name = Sascha-PC | Source = Service Control Manager 
| ID = 7011 Description = Error - 22.08.2010 10:33:43 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7009 Description = Error - 22.08.2010 10:33:43 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 15:51:52 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7009 Description = Error - 08.09.2010 15:51:52 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.09.2010 05:25:27 | Computer Name = Sascha-PC | Source = DCOM | ID = 10010 Description = Error - 02.10.2010 11:17:35 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7043 Description = Error - 08.10.2010 06:07:11 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.10.2010 04:22:07 | Computer Name = Sascha-PC | Source = WinDefend | ID = 3006 Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Hiloti.gen!D&threatid=147238 Scan-ID: {B177CAB3-B2CC-4F76-BF3F-E2DE64EBDD84} Benutzer: Sascha-PC\Sascha Name: Trojan:Win32/Hiloti.gen!D ID: 147238 Schweregrad-ID: 5 Kategorie-ID: 8 Pfad: Warnungsart: %%805 Aktion: %%811 Fehlercode: 0x80508022 Fehlerbeschreibung: Sie müssen den Computer neu starten, um die Entfernung der Spyware oder anderer potenziell unerwünschter Software abzuschließen. Error - 12.10.2010 05:46:42 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > So, I hope this helps you solve my problem. Thanks in advance.