|
Log-Analyse und Auswertung: Auf einmal Heimnetzgruppe auf Desktop? OoWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.12.2010, 01:31 | #1 |
| Auf einmal Heimnetzgruppe auf Desktop? Oo heute morgen musste ich feststellen, dass ich auf einmal ein Heimnetzgruppensymbol auf dem Desktop habe. Ich habe sie natürlich sofort deaktiviert. Was könnte das sein? Hijack-This Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:12:55, on 30.11.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\SYSTEM32\CTXFISPI.EXE E:\Programme\Skype\Phone\Skype.exe E:\Programme\Skype\Plugin Manager\skypePM.exe E:\Programme\Trillian\trillian.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Markus\Desktop\HiJackThis204.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: {DLL_Str} O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 4540 bytes danke mbam hat was gefunden ansonsten ned Code:
ATTFilter Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Datenbank Version: 5216 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 30.11.2010 17:35:05 mbam-log-2010-11-30 (17-35-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 229979 Laufzeit: 1 Stunde(n), 8 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\dvd maker\de-DE\dvdmaker.exe.mui (Trojan.Agent.Gen) -> No action taken. c:\Windows\winsxs\x86_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0b1aa539f1a9f2b4\dvdmaker.exe.mui (Trojan.Agent.Gen) -> No action taken. |
04.12.2010, 19:44 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Auf einmal Heimnetzgruppe auf Desktop? OoZitat:
__________________ |
04.12.2010, 21:02 | #3 |
| Auf einmal Heimnetzgruppe auf Desktop? Oo windows 7
__________________ist aber laut Malwarebytes false-positive was ist mit malware.trace von sasw? ich hab grad nochmal nen durchlauf gemacht und es wurde erneut gefunden... |
04.12.2010, 22:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Auf einmal Heimnetzgruppe auf Desktop? Oo Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
04.12.2010, 22:58 | #5 |
| Auf einmal Heimnetzgruppe auf Desktop? OoCode:
ATTFilter OTL logfile created on: 04.12.2010 23:00:10 - Run 6 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Markus\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 107,42 Gb Total Space | 78,69 Gb Free Space | 73,26% Space Free | Partition Type: NTFS Drive D: | 38,10 Gb Total Space | 1,54 Gb Free Space | 4,05% Space Free | Partition Type: NTFS Drive E: | 51,38 Gb Total Space | 4,03 Gb Free Space | 7,84% Space Free | Partition Type: NTFS Drive F: | 205,08 Gb Total Space | 150,59 Gb Free Space | 73,43% Space Free | Partition Type: NTFS Drive G: | 38,10 Gb Total Space | 8,77 Gb Free Space | 23,01% Space Free | Partition Type: NTFS Drive H: | 16,97 Gb Total Space | 0,67 Gb Free Space | 3,92% Space Free | Partition Type: NTFS Drive I: | 48,83 Gb Total Space | 9,30 Gb Free Space | 19,05% Space Free | Partition Type: NTFS Drive J: | 48,83 Gb Total Space | 28,52 Gb Free Space | 58,40% Space Free | Partition Type: NTFS Drive K: | 107,42 Gb Total Space | 101,36 Gb Free Space | 94,36% Space Free | Partition Type: NTFS Drive L: | 278,72 Gb Total Space | 62,86 Gb Free Space | 22,56% Space Free | Partition Type: NTFS Drive M: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Markus\AppData\Local\Temp\catchme.sys File not found DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 70 9A 1C 71 66 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 21:33:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.18 17:17:13 | 000,000,000 | ---D | M] [2009.12.05 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions [2010.12.04 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\6qbgrghf.default\extensions [2010.05.27 13:04:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\6qbgrghf.default\extensions\eafo3fflauncher@ea.com [2010.11.11 14:11:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\6qbgrghf.default\extensions\nasanightlaunch@example.com [2010.10.19 15:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.07.16 00:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.19 15:43:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.14 00:47:18 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 00:47:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.14 00:47:18 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 00:47:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 00:47:18 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.19 21:11:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: ({DLL_Str}) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.11.11 22:18:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.04.30 10:00:46 | 000,234,776 | R--- | M] (CAPCOM U.S.A., INC.) - M:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.04.21 14:13:44 | 000,000,055 | R--- | M] () - M:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.24 00:20:19 | 000,000,000 | ---D | C] -- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP [2010.11.24 00:14:15 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2010.11.24 00:14:14 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010.11.24 00:14:14 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010.11.24 00:14:14 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2010.11.24 00:14:14 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2010.11.24 00:14:14 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010.11.24 00:14:14 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010.11.24 00:14:14 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010.11.24 00:14:14 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll [2010.11.24 00:14:14 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll [2010.11.24 00:14:14 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll [2010.11.24 00:14:14 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll [2010.11.24 00:14:14 | 000,123,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2010.11.24 00:14:14 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010.11.24 00:14:13 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010.11.24 00:14:13 | 001,719,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2010.11.24 00:14:13 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010.11.18 21:18:44 | 000,000,000 | ---D | C] -- C:\Fraps [2010.11.11 22:13:32 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\CAPCOM [2010.11.11 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\CAPCOM [2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.04 21:13:37 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.04 21:13:37 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.04 21:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.04 21:05:38 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2010.12.04 21:05:02 | 000,054,280 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.12.04 21:05:02 | 000,054,280 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.12.04 21:05:02 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.24 12:23:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.24 12:23:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.24 12:23:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.24 12:23:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.24 01:36:11 | 000,003,997 | ---- | M] () -- C:\Users\Markus\.recently-used.xbel [2010.11.18 21:18:45 | 000,000,562 | ---- | M] () -- C:\Users\Markus\Desktop\Fraps.lnk [2010.11.18 17:17:13 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.11.11 21:54:48 | 000,000,444 | ---- | M] () -- C:\Users\Markus\Desktop\STREET FIGHTER IV.lnk [2010.11.05 22:19:29 | 000,126,203 | ---- | M] () -- C:\Users\Markus\Documents\Unbenannt (2).wma [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.24 01:36:11 | 000,003,997 | ---- | C] () -- C:\Users\Markus\.recently-used.xbel [2010.11.18 21:18:45 | 000,000,562 | ---- | C] () -- C:\Users\Markus\Desktop\Fraps.lnk [2010.11.11 21:54:48 | 000,000,444 | ---- | C] () -- C:\Users\Markus\Desktop\STREET FIGHTER IV.lnk [2010.11.05 22:19:29 | 000,126,203 | ---- | C] () -- C:\Users\Markus\Documents\Unbenannt (2).wma [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.10.12 13:44:40 | 000,003,838 | ---- | C] () -- C:\ProgramData\driverinfo.txt [2010.08.30 13:04:50 | 000,007,605 | ---- | C] () -- C:\Users\Markus\AppData\Local\Resmon.ResmonCfg [2010.07.03 18:22:26 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.07.03 18:22:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.06.11 19:12:24 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.06.11 19:12:24 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.06.11 19:12:24 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.03.12 18:17:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2010.01.03 16:57:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.30 19:03:49 | 000,139,152 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\PnkBstrK.sys [2009.12.30 19:03:49 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.05 13:28:35 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.12.05 13:28:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.12.05 13:28:05 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL [2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.09.28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll [2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== LOP Check ========== [2009.12.09 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Acreon [2010.10.29 22:15:06 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\gtk-2.0 [2010.10.01 11:38:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Leadertech [2010.09.24 16:46:44 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\LucasArts [2009.12.20 15:08:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\MobMapUpdater [2009.12.15 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org [2010.03.12 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Three Rings Design [2009.12.05 14:03:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Trillian [2010.04.17 14:26:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TS3Client [2009.12.29 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Wireshark [2010.09.23 10:31:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.12.2010 23:00:10 - Run 6 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Markus\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 107,42 Gb Total Space | 78,69 Gb Free Space | 73,26% Space Free | Partition Type: NTFS Drive D: | 38,10 Gb Total Space | 1,54 Gb Free Space | 4,05% Space Free | Partition Type: NTFS Drive E: | 51,38 Gb Total Space | 4,03 Gb Free Space | 7,84% Space Free | Partition Type: NTFS Drive F: | 205,08 Gb Total Space | 150,59 Gb Free Space | 73,43% Space Free | Partition Type: NTFS Drive G: | 38,10 Gb Total Space | 8,77 Gb Free Space | 23,01% Space Free | Partition Type: NTFS Drive H: | 16,97 Gb Total Space | 0,67 Gb Free Space | 3,92% Space Free | Partition Type: NTFS Drive I: | 48,83 Gb Total Space | 9,30 Gb Free Space | 19,05% Space Free | Partition Type: NTFS Drive J: | 48,83 Gb Total Space | 28,52 Gb Free Space | 58,40% Space Free | Partition Type: NTFS Drive K: | 107,42 Gb Total Space | 101,36 Gb Free Space | 94,36% Space Free | Partition Type: NTFS Drive L: | 278,72 Gb Total Space | 62,86 Gb Free Space | 22,56% Space Free | Partition Type: NTFS Drive M: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22 "{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AudioCS" = Creative Audio-Systemsteuerung "CamStudio" = CamStudio "CCleaner" = CCleaner "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster "Diablo II" = Diablo II "Fraps" = Fraps "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "Steam App 2130" = Dark Messiah Might and Magic Multi-Player "Steam App 220" = Half-Life 2 "Steam App 28000" = Kane & Lynch 2: Dog Days "Steam App 320" = Half-Life 2: Deathmatch "Steam App 32360" = The Secret of Monkey Island: Special Edition "Steam App 32460" = Monkey Island 2: Special Edition "Steam App 50130" = Mafia II "Steam App 550" = Left 4 Dead 2 "Steam App 8190" = Just Cause 2 "WinGimp-2.0_is1" = GIMP 2.6.10 "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = WinRAR "Wireshark" = Wireshark 1.2.5 "World of Warcraft" = World of Warcraft "World of Warcraft Beta" = World of Warcraft Beta "World of Warcraft Public Test" = World of Warcraft Public Test ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Puzzle Pirates" = Puzzle Pirates "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.11.2010 19:07:00 | Computer Name = Markus-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary nvlddmkm. System Error: Das System kann die angegebene Datei nicht finden. . Error - 23.11.2010 19:09:44 | Computer Name = Markus-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary nvlddmkm. System Error: Das System kann die angegebene Datei nicht finden. . Error - 23.11.2010 19:20:20 | Computer Name = Markus-PC | Source = MsiInstaller | ID = 1013 Description = Error - 23.11.2010 19:22:07 | Computer Name = Markus-PC | Source = MsiInstaller | ID = 1013 Description = Error - 23.11.2010 19:25:43 | Computer Name = Markus-PC | Source = MsiInstaller | ID = 1013 Description = Error - 24.11.2010 19:04:36 | Computer Name = Markus-PC | Source = MsiInstaller | ID = 1013 Description = Error - 25.11.2010 15:39:57 | Computer Name = Markus-PC | Source = MsiInstaller | ID = 1013 Description = Error - 29.11.2010 11:07:07 | Computer Name = Markus-PC | Source = MsiInstaller | ID = 1013 Description = Error - 04.12.2010 14:46:47 | Computer Name = Markus-PC | Source = MsiInstaller | ID = 1013 Description = Error - 04.12.2010 15:19:03 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002 Description = Programm SUPERAntiSpyware.exe, Version 4.31.0.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a4c Startzeit: 01cb93d601f9d228 Endzeit: 57 Anwendungspfad: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Berichts-ID: [ Media Center Events ] Error - 24.07.2010 21:04:27 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 03:04:24 - Fehler beim Herstellen der Internetverbindung. 03:04:24 - Serververbindung konnte nicht hergestellt werden.. Error - 24.07.2010 22:04:32 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 04:04:31 - Fehler beim Herstellen der Internetverbindung. 04:04:31 - Serververbindung konnte nicht hergestellt werden.. Error - 24.07.2010 23:04:37 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 05:04:36 - Fehler beim Herstellen der Internetverbindung. 05:04:36 - Serververbindung konnte nicht hergestellt werden.. Error - 25.07.2010 00:04:41 | Computer Name = Markus-PC | Source = MCUpdate | ID = 0 Description = 06:04:41 - Fehler beim Herstellen der Internetverbindung. 06:04:41 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 13.06.2010 08:21:07 | Computer Name = Markus-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 13.06.2010 08:34:04 | Computer Name = Markus-PC | Source = bowser | ID = 8003 Description = Error - 13.06.2010 08:48:02 | Computer Name = Markus-PC | Source = bowser | ID = 8003 Description = Error - 13.06.2010 09:00:12 | Computer Name = Markus-PC | Source = bowser | ID = 8003 Description = Error - 13.06.2010 11:33:48 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 13.06.2010 16:34:08 | Computer Name = Markus-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 13.06.2010 17:58:17 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 14.06.2010 11:56:15 | Computer Name = Markus-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 14.06.2010 17:28:56 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 15.06.2010 12:46:33 | Computer Name = Markus-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. < End of report > Geändert von Humpestos (04.12.2010 um 23:04 Uhr) |
05.12.2010, 14:41 | #6 |
| Auf einmal Heimnetzgruppe auf Desktop? Oo hm. mir ist gerade dieser thread aufgefallen hxxp://www.bleepingcomputer.com/forums/topic364527.html ich gehe mal davon aus, dass der malware.trace-eintrag wieder false-positive ist oder? er bekam dasselbe im selben zeitraum... wimmelt es eigentlich nur noch von false-positive-patches? gruß |
05.12.2010, 15:28 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Auf einmal Heimnetzgruppe auf Desktop? OoZitat:
Noch Probleme oder andere Funde oder ist nun alles paletti?
__________________ Logfiles bitte immer in CODE-Tags posten |
05.12.2010, 18:37 | #8 |
| Auf einmal Heimnetzgruppe auf Desktop? Oo hm ich hab manchmal das gefühl der pc braucht länger zum hochfahren? und warum war auf einmal die heimnetzgruppe aktiviert? |
05.12.2010, 19:09 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Auf einmal Heimnetzgruppe auf Desktop? Oo Also Jesus bin ich (noch) nicht Wieviel länger braucht er denn zum Hochfahren? Sekunden oder Minuten?
__________________ Logfiles bitte immer in CODE-Tags posten |
05.12.2010, 21:59 | #10 |
| Auf einmal Heimnetzgruppe auf Desktop? Oo nein ein paar sekunden verzögert. manchmal schneller, manchmal langsamer |
Themen zu Auf einmal Heimnetzgruppe auf Desktop? Oo |
adobe, bho, desktop, dll, explorer, firefox, hijackthis, internet, internet explorer, logfile, malwarebytes, micro, microsoft, microsoft security, microsoft security essentials, mozilla, nvidia, plug-in, programme, rundll, security, security scan, software, superantispyware, system, system32, trojan.agent.ge, windows, winlogon, winsock |