
Pests of all kinds and how to fight them: Another victim of Gozi, online banking blocked, what now?

10.11.2010, 16:52   #1
crxpower86
 



Hello, as described above, my online banking has been blocked; according to the bank, the reason is intrusion by a third party. I have already run Malwarebytes over it (drive C completely); it found 2 trojans, which I deleted. Then I copied the text that is also posted here in the forum, entered it into the box at the bottom of OTL and clicked Fix, and after the restart this text came out. What does that mean? Can I have new banking credentials sent to me, or do I have to reinstall everything from scratch?

All processes killed
========== OTL ==========
Error: No service named HotSpotFSvc was found to stop!
Service\Driver key HotSpotFSvc not found.
File File not found not found.
Error: No service named zlportio was found to stop!
Service\Driver key zlportio not found.
File E:\Download Firefox\ultrastardx-101a-full\zlportio.sys File not found not found.
Error: No service named VcommMgr was found to stop!
Service\Driver key VcommMgr not found.
File H:\WINDOWS\System32\Drivers\VcommMgr.sys File not found not found.
Error: No service named VComm was found to stop!
Service\Driver key VComm not found.
File H:\WINDOWS\System32\DRIVERS\VComm.sys File not found not found.
Error: No service named Revolution1 was found to stop!
Service\Driver key Revolution1 not found.
File E:\Download Firefox\Revolution_Engine_8.3_ShaK3\Revolution_Engine_8.3_ShaK3\SHAK3.sys File not found not found.
Error: No service named pccsmcfd was found to stop!
Service\Driver key pccsmcfd not found.
File H:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found not found.
Error: No service named NVR0FLASHDev was found to stop!
Service\Driver key NVR0FLASHDev not found.
File H:\WINDOWS\nvflash.sys File not found not found.
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File J:\INSTALL\GMSIPCI.SYS File not found not found.
Error: No service named FLASHSYS was found to stop!
Service\Driver key FLASHSYS not found.
File c:\MSI\Live Update 4\LU4\FLASHSYS.sys File not found not found.
Error: No service named DwProt was found to stop!
Service\Driver key DwProt not found.
File File not found not found.
Error: No service named CrystalSysInfo was found to stop!
Service\Driver key CrystalSysInfo not found.
File C:\MediaCoder\SysInfo.sys File not found not found.
Error: No service named BT was found to stop!
Service\Driver key BT not found.
File H:\WINDOWS\System32\DRIVERS\btnetdrv.sys File not found not found.
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 4001 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.gopher
Prefs.js: 4001 removed from network.proxy.backup.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 4001 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 4001 removed from network.proxy.backup.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
File P:\DZEMO\\\\\FATA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
File P:\DZEMO\\\\\\FATA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
File P:\DZEMO\\\\\\FATA.exe not found.
File H:\WINDOWS\hlktmp not found.
File H:\WINDOWS\System32\drivers\bpmhbjbk.sys not found.
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 .
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5A775C3F .
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF .
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: crxpower
->Temp folder emptied: 13052895 bytes
->Temporary Internet Files folder emptied: 845321192 bytes
->Java cache emptied: 97081910 bytes
->FireFox cache emptied: 75417901 bytes
->Flash cache emptied: 408180 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1332018 bytes
RecycleBin emptied: 10123930685 bytes

Total Files Cleaned = 10.640,00 mb

Error: Unable to interpret <Klick dann oben links auf den Button Fix!> in the current context!
Error: Unable to interpret <Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der > in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 11102010_164323

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

10.11.2010, 16:56   #2
markusg
/// Malware-holic
 



Who told you to use that script? They are not the same for every PC...
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.

10.11.2010, 17:20   #3
crxpower86
 



I have now done it the way markusg said, thanks for now. Here are the entries, which are quite long:
OTL Logfile:
Code:
OTL logfile created on: 10.11.2010 17:02:08 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\crxpower\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,61 Gb Total Space | 18,39 Gb Free Space | 12,13% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 50,47 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
 
Computer Name: CRXPOWER-PC | User Name: crxpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\crxpower\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe ()
PRC - C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Users\crxpower\Desktop\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\crxpower\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (PnkBstrA) -- C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe ()
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EPGService) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RealtekUSB) -- C:\Programme\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (StarWindService) -- C:\Users\crxpower\Desktop\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SetupNTGLM7X) -- E:\NTGLM7X.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NTACCESS) -- E:\NTACCESS.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1010311238\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Schnell-Startseite - COMPUTER BILD
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1010311238\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-3478329227-416108515-67917533-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {dd02a4eb-4afd-4d60-99d8-e67f964ca813}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {6b907b6e-0535-4a77-a6dc-20a612f0d470}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2332637&SearchSource=2&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 12:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.09 01:07:09 | 000,000,000 | ---D | M]
 
[2009.03.12 01:26:33 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\mozilla\Extensions
[2010.11.10 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions
[2010.06.06 14:59:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.06 14:59:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.06 14:59:28 | 000,000,000 | ---D | M] (radio hardcast Toolbar) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{6b907b6e-0535-4a77-a6dc-20a612f0d470}
[2010.10.31 12:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.31 12:06:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.13 14:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.04 20:05:45 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.06.06 14:59:28 | 000,000,000 | ---D | M] (PHPNukeEN Toolbar) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
[2009.03.29 16:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.07.06 17:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2010.06.06 14:59:27 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.26 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\firefox@tvunetworks.com
[2010.10.03 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\staged-xpis
[2010.10.03 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\mozilla\Firefox\Profiles\zrvjnxst.default\extensions\vshare@toolbar
[2009.04.11 16:07:29 | 000,000,681 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\ask.xml
[2010.08.11 18:27:11 | 000,000,873 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\conduit.xml
[2010.11.05 13:57:22 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-1.xml
[2009.09.09 01:40:05 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-2.xml
[2009.09.11 02:13:43 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-3.xml
[2009.10.30 16:29:03 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-4.xml
[2009.12.17 01:41:48 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-5.xml
[2010.01.07 13:43:43 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-6.xml
[2010.02.21 00:15:35 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-7.xml
[2010.04.01 02:04:01 | 000,000,950 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin-8.xml
[2010.10.31 12:38:37 | 000,000,168 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin.gif
[2010.10.31 12:38:37 | 000,000,618 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin.src
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\icqplugin.xml
[2009.09.17 00:06:10 | 000,003,915 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Mozilla\FireFox\Profiles\zrvjnxst.default\searchplugins\sweetim.xml
[2010.11.09 01:07:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.12 01:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.09 01:07:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.09 01:06:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.12.17 18:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npkimi.dll
[2009.03.24 10:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.10.27 15:12:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 15:12:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 15:12:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 15:12:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 15:12:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.10 16:43:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1010311238\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3478329227-416108515-67917533-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3478329227-416108515-67917533-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3478329227-416108515-67917533-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3478329227-416108515-67917533-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3478329227-416108515-67917533-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3478329227-416108515-67917533-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\crxpower\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 80.69.100.174
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\crxpower\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\crxpower\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.05 02:13:43 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c1bc80f-a90e-11de-9580-001d9206ee18}\Shell - "" = AutoRun
O33 - MountPoints2\{4c1bc80f-a90e-11de-9580-001d9206ee18}\Shell\AutoRun\command - "" = M:\start.exe -- File not found
O33 - MountPoints2\{f8300840-6a07-11de-8125-001d9206ee18}\Shell - "" = AutoRun
O33 - MountPoints2\{f8300840-6a07-11de-8125-001d9206ee18}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk - C:\Programme\WinTV\Ir.exe - (Hauppauge Computer Works)
MsConfig - StartUpFolder: C:^Users^crxpower^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Folding@home-gpu.lnk - C:\Users\crxpower\AppData\Roaming\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_98830A63A82EB98D7BA198.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: EPGServiceTool - hkey= - key= - C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{7AC61A4F-429D-4190-BD5D-5FB6681B54C0} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.10 16:43:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.11.10 16:38:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\crxpower\Desktop\OTL.exe
[2010.11.10 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\crxpower\AppData\Roaming\GetRightToGo
[2010.11.10 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\crxpower\Documents\Downloads
[2010.11.10 14:59:52 | 000,000,000 | ---D | C] -- C:\Users\crxpower\AppData\Roaming\Malwarebytes
[2010.11.10 14:59:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.10 14:59:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.10 14:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.10 14:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.09 01:08:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.11.09 01:07:09 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.11.09 01:07:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.09 01:07:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.09 01:07:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.09 00:51:28 | 000,000,000 | ---D | C] -- C:\Users\crxpower\AppData\Roaming\Notepad++
[2010.11.09 00:51:28 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2010.11.08 23:30:38 | 000,000,000 | ---D | C] -- C:\Programme\PhotoZoom Pro 3
[2010.11.08 23:30:03 | 000,000,000 | ---D | C] -- C:\Users\crxpower\Desktop\PhotoZoomPro3
[2010.11.08 18:52:56 | 000,000,000 | ---D | C] -- C:\Programme\JRE
[2010.11.08 18:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.11.08 18:45:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.08 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\crxpower\Desktop\OpenOffice.org 3.2 (de) Installation Files
[2010.10.31 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\crxpower\AppData\Local\AOL
[2010.10.31 12:37:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.27 11:38:05 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.27 11:38:04 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.27 11:38:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.25 22:37:23 | 000,000,000 | ---D | C] -- C:\Programme\KaloMa
[2010.10.14 11:06:56 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 11:06:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 11:05:24 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 11:05:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 11:05:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 11:05:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.14 11:05:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 11:05:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 11:05:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 11:05:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 11:05:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 11:05:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.14 11:05:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 11:05:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.14 11:05:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.14 11:05:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.14 11:05:18 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.14 11:05:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 11:05:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 11:05:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 11:05:15 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 11:05:15 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 11:05:13 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 11:05:11 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 11:05:10 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 22:55:27 | 000,000,000 | ---D | C] -- C:\Users\crxpower\Desktop\www.top-hitz.com...Der.letzte.Exorzismus.TS.LD.German.iNTERNAL.READ.NFO.XviD-CinePlexx
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.10 17:00:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\crxpower\Desktop\OTL.exe
[2010.11.10 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.11.10 16:51:58 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.10 16:51:58 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.10 16:51:58 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.10 16:51:58 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.10 16:46:55 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.10 16:46:48 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.10 16:46:48 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.10 16:46:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.10 16:46:39 | 3220,537,344 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.10 16:43:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.11.10 16:29:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.10 16:15:19 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{01037324-98C5-4673-B28F-91276541A6C2}.job
[2010.11.10 14:59:21 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.09 12:15:51 | 000,274,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.09 01:06:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.11.09 01:06:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.09 01:06:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.09 01:06:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.08 23:30:43 | 000,004,093 | ---- | M] () -- C:\Windows\jwws-d24.ini
[2010.11.08 23:30:39 | 000,000,890 | ---- | M] () -- C:\Users\crxpower\Desktop\PhotoZoom Pro 3.lnk
[2010.11.08 23:29:49 | 008,036,015 | ---- | M] () -- C:\Users\crxpower\Desktop\PhotoZoomPro3.zip
[2010.11.08 23:10:11 | 000,077,312 | ---- | M] () -- C:\Users\crxpower\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.08 18:54:10 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.07 02:38:20 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010.11.05 01:57:27 | 730,054,656 | ---- | M] () -- C:\Users\crxpower\Desktop\pl-paranormal2_xvid.avi
[2010.10.25 22:37:24 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\KaloMa.lnk
[2010.10.24 16:23:24 | 000,030,188 | ---- | M] () -- C:\Users\crxpower\Documents\julia23.10.odt
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2010.11.10 14:59:21 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.08 23:30:43 | 000,004,093 | ---- | C] () -- C:\Windows\jwws-d24.ini
[2010.11.08 23:30:39 | 000,000,890 | ---- | C] () -- C:\Users\crxpower\Desktop\PhotoZoom Pro 3.lnk
[2010.11.08 23:29:45 | 008,036,015 | ---- | C] () -- C:\Users\crxpower\Desktop\PhotoZoomPro3.zip
[2010.11.08 23:07:49 | 730,054,656 | ---- | C] () -- C:\Users\crxpower\Desktop\pl-paranormal2_xvid.avi
[2010.11.08 18:54:10 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.10.25 22:37:24 | 000,000,728 | ---- | C] () -- C:\Users\Public\Desktop\KaloMa.lnk
[2010.10.24 16:23:22 | 000,030,188 | ---- | C] () -- C:\Users\crxpower\Documents\julia23.10.odt
[2010.10.13 23:02:45 | 729,559,040 | ---- | C] () -- C:\Users\crxpower\Desktop\cpl-dle.avi
[2010.06.17 13:28:03 | 000,000,056 | ---- | C] () -- C:\Windows\videotoaudio.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.02.26 17:05:59 | 000,019,456 | ---- | C] () -- C:\Users\crxpower\AppData\Local\WebpageIcons.db
[2010.02.26 16:59:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.26 16:42:04 | 000,000,140 | ---- | C] () -- C:\Windows\powerlist.ini
[2010.02.26 16:42:04 | 000,000,060 | ---- | C] () -- C:\Windows\MediaList.ini
[2010.02.26 16:39:02 | 000,000,779 | ---- | C] () -- C:\Windows\powerplayer.ini
[2010.02.26 16:39:02 | 000,000,356 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.11.30 21:31:53 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.09.17 12:02:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.06 12:01:03 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.06.19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.05.20 18:28:38 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.05.20 18:28:36 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2009.05.20 18:28:11 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.05.20 18:28:05 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.05.20 18:27:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.05.20 18:27:08 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.20 18:27:07 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.05.20 18:26:48 | 000,006,235 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.03.21 18:25:08 | 000,004,969 | ---- | C] () -- C:\ProgramData\tgioyvlx.pxu
[2009.03.21 18:24:59 | 000,000,060 | ---- | C] () -- C:\Windows\IniFile1.ini
[2009.03.12 19:12:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.03.12 19:11:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.12 19:11:19 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.03.12 19:07:38 | 000,077,312 | ---- | C] () -- C:\Users\crxpower\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.12 18:57:06 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2009.03.12 00:01:41 | 000,008,944 | ---- | C] () -- C:\Users\crxpower\AppData\Local\d3d9caps.dat
[2008.09.12 09:07:38 | 000,000,266 | ---- | C] () -- C:\Program Files\Common Files\hama.de - Download-Area Gamecontroller.url
[2008.01.21 03:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007.07.25 14:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006.11.02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.02.26 15:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
 
========== LOP Check ==========
 
[2009.03.16 21:25:33 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\astragon Software GmbH
[2009.03.20 16:31:20 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Atari
[2010.06.04 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Auslogics
[2010.03.10 19:05:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\autobingooo
[2010.11.07 02:38:26 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Azureus
[2009.11.21 00:04:47 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Blitware
[2009.11.30 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Canneverbe_Limited
[2010.02.20 02:07:19 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\CasinoOnNet
[2009.09.24 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DAEMON Tools
[2009.09.24 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DAEMON Tools Lite
[2009.11.30 21:28:22 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DAEMON Tools Pro
[2009.12.02 02:06:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Desktopicon
[2010.07.31 12:20:33 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.05 15:59:59 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Folding@home-gpu
[2010.11.10 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\GetRightToGo
[2010.11.10 16:33:57 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\ICQ
[2010.06.23 23:25:39 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\JLC's Software
[2009.03.20 03:05:31 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Leadertech
[2009.04.17 21:41:42 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\MAGIX
[2009.03.21 18:25:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\MOVAVI
[2010.11.09 00:52:18 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Notepad++
[2009.07.12 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\OpenOffice.org
[2009.05.28 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\PlayFirst
[2010.02.26 16:58:08 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\PPMate
[2010.02.26 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\ppstream
[2009.12.06 02:58:13 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\ProtectDisc
[2009.11.10 14:22:23 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\streamripper
[2009.03.12 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\TuneUp Software
[2010.02.13 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\UseNeXT
[2010.11.08 03:38:18 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\uTorrent
[2009.05.28 15:20:48 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Zylom
[2010.11.10 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.11.07 02:38:20 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010.11.10 16:45:55 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.10 16:15:19 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{01037324-98C5-4673-B28F-91276541A6C2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.17 13:10:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Adobe
[2009.03.21 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Ahead
[2009.03.16 21:25:33 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\astragon Software GmbH
[2009.03.20 16:31:20 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Atari
[2009.11.24 20:38:20 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\ATI
[2010.06.04 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Auslogics
[2010.03.10 19:05:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\autobingooo
[2009.03.21 18:44:14 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\AVS4YOU
[2010.11.07 02:38:26 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Azureus
[2009.11.21 00:04:47 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Blitware
[2009.11.30 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Canneverbe_Limited
[2010.02.20 02:07:19 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\CasinoOnNet
[2009.09.24 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DAEMON Tools
[2009.09.24 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DAEMON Tools Lite
[2009.11.30 21:28:22 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DAEMON Tools Pro
[2009.12.02 02:06:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Desktopicon
[2010.11.09 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\dvdcss
[2010.07.31 12:20:33 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.05 15:59:59 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Folding@home-gpu
[2010.11.10 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\GetRightToGo
[2010.11.10 16:33:57 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\ICQ
[2009.05.28 15:20:48 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Identities
[2009.03.12 00:05:07 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\InstallShield
[2010.06.23 23:25:39 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\JLC's Software
[2009.03.20 03:05:31 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Leadertech
[2009.03.12 01:30:51 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Macromedia
[2009.04.17 21:41:42 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\MAGIX
[2010.11.10 14:59:52 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Malwarebytes
[2006.11.02 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Media Center Programs
[2009.10.05 18:09:16 | 000,000,000 | --SD | M] -- C:\Users\crxpower\AppData\Roaming\Microsoft
[2009.03.21 18:25:30 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\MOVAVI
[2009.03.12 01:26:33 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Mozilla
[2010.11.09 00:52:18 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Notepad++
[2009.07.12 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\OpenOffice.org
[2009.05.28 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\PlayFirst
[2010.02.26 16:58:08 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\PPMate
[2010.02.26 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\ppstream
[2009.12.06 02:58:13 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\ProtectDisc
[2010.02.26 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\SopCast
[2009.11.10 14:22:23 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\streamripper
[2009.10.16 01:52:59 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\tor
[2009.03.12 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\TuneUp Software
[2010.02.26 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\TVU Networks
[2010.02.13 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\UseNeXT
[2010.11.08 03:38:18 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\uTorrent
[2009.10.16 01:52:59 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Vidalia
[2010.02.26 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\vlc
[2010.06.06 15:43:52 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Winamp
[2009.03.12 00:50:18 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\WinRAR
[2009.05.28 15:20:48 | 000,000,000 | ---D | M] -- C:\Users\crxpower\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2008.11.30 15:55:28 | 000,319,488 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\astragon Software GmbH\Fahr-Simulator 2009\Fahr-Simulator.exe
[2009.03.16 21:25:29 | 000,697,862 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\astragon Software GmbH\Fahr-Simulator 2009\unins000.exe
[2008.11.26 14:08:18 | 002,121,728 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\astragon Software GmbH\Fahr-Simulator 2009\Scenery Editor\Szenen-Editor.exe
[2009.11.29 02:32:10 | 005,393,552 | ---- | M] (Blitware Technology Inc.                                    ) -- C:\Users\crxpower\AppData\Roaming\Blitware\DriverRobot\updates\1.2.0.3\DriverRobot_Setup.exe
[2009.12.06 02:32:12 | 005,395,904 | ---- | M] (Blitware Technology Inc.                                    ) -- C:\Users\crxpower\AppData\Roaming\Blitware\DriverRobot\updates\1.2.0.5\DriverRobot_Setup.exe
[2010.07.25 01:32:04 | 005,671,192 | ---- | M] (Blitware Technology Inc.                                    ) -- C:\Users\crxpower\AppData\Roaming\Blitware\DriverRobot\updates\2.5.0.6\driverrobot_setup.exe
[2010.08.01 01:32:05 | 007,789,968 | ---- | M] (Blitware Technology Inc.                                    ) -- C:\Users\crxpower\AppData\Roaming\Blitware\DriverRobot\updates\2.5.1.0\driverrobot_setup.exe
[2010.08.15 01:32:05 | 007,788,736 | ---- | M] (Blitware Technology Inc.                                    ) -- C:\Users\crxpower\AppData\Roaming\Blitware\DriverRobot\updates\2.5.1.1\driverrobot_setup.exe
[2009.12.02 02:06:30 | 000,031,836 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Desktopicon\uninst.exe
[2009.12.02 14:34:22 | 003,203,072 | ---- | M] () -- C:\Users\crxpower\AppData\Roaming\Folding@home-gpu\FahCore_11.exe
[2009.09.27 17:16:10 | 000,010,134 | R--- | M] () -- C:\Users\crxpower\AppData\Roaming\Microsoft\Installer\{580D6A69-F3F7-CB21-A5F5-3451A38CA1C2}\ARPPRODUCTICON.exe
[2009.12.02 13:09:41 | 000,098,477 | R--- | M] () -- C:\Users\crxpower\AppData\Roaming\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_1810542788961D6D988517.exe
[2009.12.02 13:09:40 | 000,098,477 | R--- | M] () -- C:\Users\crxpower\AppData\Roaming\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_6FEFF9B68218417F98F549.exe
[2009.12.02 13:09:41 | 000,098,477 | R--- | M] () -- C:\Users\crxpower\AppData\Roaming\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_98830A63A82EB98D7BA198.exe
[2009.12.02 13:09:41 | 000,010,134 | R--- | M] () -- C:\Users\crxpower\AppData\Roaming\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_B97F7EA90C9BD73A9EC027.exe
[2009.11.24 21:10:51 | 000,010,134 | R--- | M] () -- C:\Users\crxpower\AppData\Roaming\Microsoft\Installer\{A7E110EF-3B05-4CCD-3CB7-3D373325D43A}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.12.10 20:58:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.12.10 20:58:27 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.12.10 20:58:27 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.12.10 20:58:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:22:31 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:22:55 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:22:55 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.09.22 15:58:57 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1AAB2E68

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 10.11.2010 17:02:08 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\crxpower\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,61 Gb Total Space | 18,39 Gb Free Space | 12,13% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 50,47 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
 
Computer Name: CRXPOWER-PC | User Name: crxpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- ()
"C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate -- (ppmate)
"C:\Program Files\PPSGame\PPSGame.exe" = C:\Program Files\PPSGame\PPSGame.exe:*:Enabled:ÓÎÏ·´óÌü¿Í»§¶Ë -- (传聚网络科技有限公司)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B09FF3-0916-40C4-9372-DDCC6A9B2AD4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6638C4D7-99BB-438F-86C8-48D153C6C6B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0705E0A9-30A0-407E-BF7C-2BF702287234}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0CEB877E-F6A6-4691-890B-E396534C1F62}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{24CA761A-A2F4-4F3F-B234-3D74A360FFD7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3AABFE7F-4F58-4A00-81CE-80D4DA48B23F}" = protocol=17 | dir=in | app=c:\users\crxpower\desktop\konami\pro evolution soccer 2010\pes2019.exe | 
"{5101B469-A66D-4E7C-96E0-B2C9A6DA1107}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{68202FDD-E510-4C9E-9791-8931948C271F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{78EC7BD5-BDB1-430A-8AC7-7735FAB1EE67}" = protocol=6 | dir=in | app=c:\users\crxpower\desktop\konami\pro evolution soccer 2010\pes2019.exe | 
"{8490A673-D9FC-442D-A0F1-AC91FDB1F990}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8F2DB08C-A738-453F-B26E-DB9FCF2E72DF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9A86BC7A-15B0-46C8-93C2-97694C5E2D5D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9E6985D3-BA0E-4F77-8A67-01201504EB78}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{BFBC24BF-F962-4C32-A6E3-8042483E9C59}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C013F7D2-269D-4240-99C9-2CD7A88AE583}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C8A63524-ADBD-46D9-A8D7-805259C01AF3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{35471DBA-409A-44C6-9400-5BE9D222D47A}C:\users\crxpower\desktop\pes2010.exe" = protocol=6 | dir=in | app=c:\users\crxpower\desktop\pes2010.exe | 
"TCP Query User{423D9B74-AF16-4FBF-8153-D345953075AD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{427FEDA3-89E9-4E85-AB88-4348DA9845F2}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{4DE53171-3EB5-4A27-8698-8EBCFC0DE5C0}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{57872BA9-9A65-4D2E-A0F1-AA3D67F278ED}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{6B939087-E65B-4BA6-B84B-BBD954F45988}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{6F605BFB-B2FC-4E8C-9BFE-C7BA69129854}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{83C5230A-76BF-4325-89F5-C8C1FD471D8C}C:\program files\ppmate\ppamnet.exe" = protocol=6 | dir=in | app=c:\program files\ppmate\ppamnet.exe | 
"TCP Query User{97BAC847-09DB-4966-9703-61DA7C66BF9B}C:\program files\phenomedia\moorhuhn kart - thunder\mhk4.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn kart - thunder\mhk4.exe | 
"TCP Query User{9A1F2EEE-0A45-4501-9B94-E62EB458C347}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9B58BB48-6DF0-4B1A-B337-008CE568930B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{D5F171C6-F18D-4055-B3B7-FDAC16CD201E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{FEE17BE3-F66B-404A-91EC-D93DF6693E39}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{01E4A683-C984-4E69-AC71-82173D8A4B52}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{09267D1A-5600-4EDF-8C0E-A22665755927}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{1A94BBC9-5E69-4C8A-AE88-4F187574AB5A}C:\program files\phenomedia\moorhuhn kart - thunder\mhk4.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn kart - thunder\mhk4.exe | 
"UDP Query User{2C8924F5-D54D-445B-BCBA-B70B2908AEF0}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{33357B6A-7DEF-4500-9534-2B1AC0B0E73F}C:\users\crxpower\desktop\pes2010.exe" = protocol=17 | dir=in | app=c:\users\crxpower\desktop\pes2010.exe | 
"UDP Query User{35948FB5-E97B-44D9-BBED-FBFE62CBA930}C:\program files\ppmate\ppamnet.exe" = protocol=17 | dir=in | app=c:\program files\ppmate\ppamnet.exe | 
"UDP Query User{4BD39AC5-5268-4DA5-B770-7277AF767B43}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{6CD23326-20CE-44F6-95C9-7A312914D71D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{843C396E-5741-483E-AC92-A909EB0588FB}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{87D8A902-C29C-4CF0-B90C-9A47D4B3DA6F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{B094B1A1-FF47-4F0B-BA56-5DDBEC17900F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{ED4C59F1-5929-4563-89A3-C1917287F937}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{EE9263F3-2AC5-45E7-BB3F-9EFFBBBBF3AC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0117713F-9BB5-E61B-686F-D63C156E63F6}" = Catalyst Control Center Core Implementation
"{041FE46C-4EEA-06AE-4562-00A899F5A0FB}" = CCC Help English
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082C8591-A04B-C51B-99C1-729A9765C559}" = CCC Help English
"{0C49AFCF-4EEC-F150-3748-56906B26116D}" = Catalyst Control Center Graphics Full Existing
"{18778440-FBC2-7845-5D75-2E3FB2901CA3}" = Catalyst Control Center Core Implementation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2160868F-58F6-7B2D-03A3-89A3582AEA1C}" = Skins
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2D7D9D86-923A-41A8-919F-437332AB1031}" = Nero 7 Ultra Edition
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{36D801B4-1B76-085D-4C96-8A3BE8D4E4B3}" = HydraVision
"{38D9321F-3A76-4D82-9AC4-970F0BE74186}" = ATI AVIVO Codecs
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F11A4D1-FAEC-E1FD-5D35-25C94EC33D46}" = ccc-core-static
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508D251A-9378-C840-90A0-563C649BC749}" = Catalyst Control Center Graphics Previews Vista
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{560BEED8-69A3-0471-FFAE-9BA8AC58B61A}" = ccc-utility
"{56DD3770-2EF5-42D0-BA5A-A8135E9D4A9E}" = USB Dual Vibration PAD
"{580D6A69-F3F7-CB21-A5F5-3451A38CA1C2}" = Catalyst Control Center InstallProxy
"{5934808D-F536-2B3F-A488-F53372854C69}" = ccc-core-static
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{610E64BA-F306-6C12-F882-F76CD244A3C2}" = Catalyst Control Center Graphics Light
"{62E965A8-25BB-2C3C-D9D5-D73CF4CC55AB}" = Catalyst Control Center HydraVision Full
"{68BC06A7-FC85-D463-48BE-3EBFD9747C7E}" = Catalyst Control Center HydraVision Full
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A90C837-054E-44AE-B9BD-1B1F87986BBC}" = Folding@home-gpu
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7528F5C4-1707-A9D6-4564-F2D5C64FA3A6}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8DE98D27-6F65-90E4-0F46-A0FCAEEB8D5B}" = Catalyst Control Center Graphics Previews Common
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B784E2-F4D7-38A5-E9DD-6CC093B07C58}" = Catalyst Control Center Graphics Full New
"{97959329-F1E9-2D17-E910-253C05B00C6E}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Activision(R)
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot 1.1.0.14
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A402B569-BA69-8849-1DFC-6D4CE9F4EDA5}" = Catalyst Control Center Graphics Previews Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E110EF-3B05-4CCD-3CB7-3D373325D43A}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D0555C-AB20-419D-A98C-3B11ECC0F921}" = Movavi VideoSuite 6
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCDD3356-B5B2-9D0F-3776-8D5E28893F82}" = ccc-utility
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D2D15362-27A7-9D88-35B2-C04697E4CD94}" = Catalyst Control Center Graphics Previews Vista
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D85EE6FC-1263-3A84-CEB7-A53E97B6A835}" = ATI Catalyst Install Manager
"{DDD9BB0C-C116-91D3-A45B-FA3291781BB0}" = Catalyst Control Center Graphics Full Existing
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"autosearch2" = autosearch2 
"AVI To MP3 Converter_is1" = AVI To MP3 Converter 1.00
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Casino-On-Net" = Casino-On-Net
"Cobra 11 - Burning Wheels_is1" = 1
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eBay Icon" = eBay Icon
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Fahr-Simulator 2009_is1" = Fahr-Simulator 2009
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Studio_is1" = Free Studio version 4.8
"Free Video Dub_is1" = Free Video Dub version 1.6
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.6
"Google Chrome" = Google Chrome
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"HD Tune_is1" = HD Tune 2.55
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Ice Age 3 Die Dinosaurier sind los(TM)
"KaloMa_is1" = KaloMa 4.78
"MAGIX Music Maker 15 Premium Download-Version D" = MAGIX Music Maker 15 Premium Download-Version 15.0.1.5 (D)
"MAGIX Music Maker 2008 D" = MAGIX Music Maker 2008 13.0.0.16 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mr. Putts Mini Golf" = Mr. Putts Mini Golf
"Notepad++" = Notepad++
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"ppmate" = PPMate Network TV 2.3.3.6
"PPSGame" = PPSÓÎÏ· V1.0.1.93
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Saitek Colour Rumble Pad" = Saitek Colour Rumble Pad
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SopCast" = SopCast 3.2.4
"Stellarium_is1" = Stellarium 0.9.0
"Streamripper" = Streamripper (Remove only)
"Streamripper.Plugin" = Streamripper Plugin 1.62.2 (Remove only)
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.8
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.16
"VideoMach" = VideoMach
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.8a
"vShare" = vShare Plugin
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Vuze" = Vuze
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3478329227-416108515-67917533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Diner Dash 2 Deluxe" = Diner Dash 2 Deluxe
"PhotoZoom Pro 3" = BenVista PhotoZoom Pro 3.0.2
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.11.2010 11:36:01 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2010 11:36:01 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2010 11:36:46 | Computer Name = crxpower-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.11.2010 11:37:18 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2010 11:37:25 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2010 11:47:14 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2010 11:47:14 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2010 11:48:27 | Computer Name = crxpower-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.11.2010 11:48:43 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2010 11:48:43 | Computer Name = crxpower-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 10.11.2010 07:33:05 | Computer Name = crxpower-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 10.11.2010 07:33:05 | Computer Name = crxpower-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 10.11.2010 07:33:05 | Computer Name = crxpower-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 10.11.2010 07:33:05 | Computer Name = crxpower-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 10.11.2010 07:34:12 | Computer Name = crxpower-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.11.2010 08:23:39 | Computer Name = crxpower-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 10.11.2010 08:23:42 | Computer Name = crxpower-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 10.11.2010 11:36:46 | Computer Name = crxpower-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.11.2010 11:43:23 | Computer Name = crxpower-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 10.11.2010 11:48:28 | Computer Name = crxpower-PC | Source = Service Control Manager | ID = 7026
Description = 
 
[ TuneUp Events ]
Error - 10.11.2010 09:59:55 | Computer Name = crxpower-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-10 14:59:55', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2888',0)
 
 
< End of report >
         

10.11.2010, 17:42   #4
markusg
/// Malware-holic

Well, personally I would reinstall from scratch and then secure the PC properly; I'll help you with that! That is, in my view, the safest option.
__________________
Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

10.11.2010, 17:55   #5
crxpower86

But how do I make sure that, once I've redone everything, the virus isn't back on it after, say, 1-2 days? I don't know much about this; I've only read something about Sandboxie... Because then I'd really have lost everything except pictures, which you're allowed to copy over... and I would then have to tell my bank that I want new credentials sent to me. But if everything is suddenly locked again after a week because someone else tried to get access again, it would all have been for nothing.


10.11.2010, 17:56   #6
crxpower86

Can't a virus like this be tracked down with any antivirus program at all??? So that I could then change all my passwords etc. and everything would be fine???

10.11.2010, 18:04   #7
markusg
/// Malware-holic

These trojans can make changes that are hard for us to detect and that leave the system untrustworthy. Personally, I would not enter any bank details, because a residual risk always remains; but if you have enough money that someone may empty your account :-)
I'll show you how to secure the system and create backups; next time it will take only 10 minutes and your OS is reset.

10.11.2010, 18:08   #8
crxpower86

But do I understand this correctly: I would have to go to the trouble, take a few hours, wipe everything, reformat, etc.? And really everything has to go, and nothing except pictures may go back on? And once I've redone the PC, which programs protect me against new viruses that cause the same thing again? Because I do want this to be over at some point, and not have my bank call a week later and say the same thing again.

10.11.2010, 18:15   #9
markusg
/// Malware-holic

Hi, you have to clear out drive C:; back up everything you need. If you have downloads from illegal sources, it's time to get rid of them; they are potential malware carriers.
When you're done with that, let me know, and then we'll continue.

10.11.2010, 18:17   #10
crxpower86

Hello, so only C has to be formatted? Because I have music etc. on D... I don't have to do anything there, or what? I don't know much about this.

10.11.2010, 18:38   #11
markusg
/// Malware-holic

Yes, back up the data from C:, then let me know and you'll get the next steps.

10.11.2010, 19:00   #12
crxpower86

But there can be viruses in music files too, right? And just so we understand each other correctly: I have only one hard disk, and it is partitioned.

10.11.2010, 19:02   #13
markusg
/// Malware-holic

Theoretically yes; that's why I said to sort out everything from illegal sources and never use such sources again. That reduces the risk.

10.11.2010, 19:06   #14
crxpower86

I can't really "sort out" anything in that sense; I'm then forced to format C, everything gone and goodbye... Or is there a way to rescue the PC without really deleting everything?

10.11.2010, 19:43   #15
markusg
/// Malware-holic

How many more times are you going to ask me that question?
You can back up everything from C: that you acquired legally. Of course, if everything comes from illegal sources, everything has to go, and then you needn't be surprised that you have trojans on the PC.
So: back up everything you obtained by legal means.
