| |
| |||||||
Log-Analyse und Auswertung: Battle.net (wow) Account gehackt - Trotzdem nichts zu findenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.01.2011, 22:42
| #1 |
| |  Battle.net (wow) Account gehackt - Trotzdem nichts zu finden Hallo liebes Board, leider musste ich heute mittag feststellen dass mein frisch reaktivierter WoW Account gehackt wurde. Ich kann mir leider nicht vorstellen wie derjenige an meine Accountdaten kam, darum habe ich meinen PC mit spybot, hijackthis und anvira gruendlich gescanned. Leider habe ich abgesehen von den ueblichen kleinen Eintraegen keinen befriedigenden Fund auftun koennen. Hijackthis findet jedoch einige rote X die ich nicht entfernen kann. Vielleicht koennt Ihr mir ja ein bisschen auf die Spruenge helfen, denn leider kann ich im Moment nicht einfach meine paar Dateien sichern und alles neu installieren, sondern muss mir dafuer eher ein Wochenende Zeit nehmen alle wichtigen Daten auszusortieren... ------------------------------------------------------------------------- Zuerst zu diesem Umstaend: Mein Account ist gerade mal 6 Tage aktiv, trotzdem habe ich rund viel Gold am Auktionshaus gemacht, so dass es vielleicht auch jemand mitbekommen haben kann und es ein gezielter Angriff war... Da ich eine 100 Mbit Leitung habe, musste ich meinen Router zwischen Modem und Rechner entfernen, da ich leider keinen ausreichenden Router zur Hand habe. Ich denke an dieser Stelle fing das erhoehte Sicherheitsrisiko an... Mittlerweile ist der Router wieder zwischengeschaltet. Der Account durch einen Freund in Verwahrung, trotzdem mache ich mir natuerlich nun Sorgen, dass es nicht bei dem WoW Account bleibt, sondern auch auf andere - wertvolle - Dinge uebergreift. -------------------------------------------------------------------------- Hier das Hijack Log, ich muss nun erstmal fuer Adaware neu starten... Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:11:14, on 13.01.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: Q:\Program Files (x86)\Skype\Phone\Skype.exe Q:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe Q:\Program Files\Avast5\AvastUI.exe Q:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Q:\Program Files\Logitech\Logitech WebCam Software\LWS.exe Q:\Program Files (x86)\Java\jre6\bin\javaw.exe Q:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Q:\Program Files (x86)\iTunes\iTunesHelper.exe Q:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe Q:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe Q:\Program Files (x86)\iTunes\iTunes.exe Q:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe Q:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe Q:\Users\Henning\Desktop\HijackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = Q:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - Q:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Q:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Q:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] Q:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [NUSB3MON] "Q:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [avast5] "Q:\Program Files\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [SunJavaUpdateSched] "Q:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "Q:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [DivXUpdate] "Q:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "Q:\Program Files (x86)\Adobe Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "Q:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "Q:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "Q:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Google Update] "Q:\Users\Henning\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Skype] "Q:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] Q:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] Q:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-810194560-4055037929-675005504-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres') O4 - HKUS\S-1-5-21-810194560-4055037929-675005504-1006\..\RunOnce: [mctadmin] Q:\Windows\System32\mctadmin.exe (User 'postgres') O4 - Startup: Sc2gears.exe - Verknüpfung.lnk = Q:\Program Files (x86)\Sc2gears\Sc2gears.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://Q:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Q:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Q:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Q:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Q:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - Q:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - Q:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AppleChargerSrv - Unknown owner - Q:\Windows\system32\AppleChargerSrv.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - Q:\Program Files\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - Q:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - Q:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Flash Media Server (FMS) (FMS) - Adobe Systems Incorporated. - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe O23 - Service: Flash Media Administration Server (FMSAdmin) - Adobe Systems Incorporated. - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe O23 - Service: FMSHttpd - Apache Software Foundation - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - Q:\Program Files\iPod\bin\iPodService.exe O23 - Service: JMB36X - Unknown owner - Q:\Windows\SysWOW64\XSrvSetup.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - Q:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - Q:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - Q:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - Q:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - Q:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - Q:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: O&O Defrag - Unknown owner - Q:\Windows\system32\oodag.exe (file missing) O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - H:\bin\pg_ctl.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - Q:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - Q:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - Q:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - Q:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - Q:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - Q:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - Q:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - Q:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - Q:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - Q:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - Q:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - Q:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - Q:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - Q:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - Q:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - Q:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10152 bytes |
|
14.01.2011, 11:50
| #2 |
| /// Malware-holic   | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden 1. wie war das passwort gewählt. wars eines was man erraten kann wie 12345 oder nen name oder ähnliches? wenn ja war das schon ein fehler.
__________________2. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt
__________________ |
|
14.01.2011, 22:57
| #3 |
| | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden danke dir!
__________________OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.01.2011 22:41:54 - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = Q:\Users\Henning\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free 8,00 Gb Paging File | 2,00 Gb Available in Paging File | 30,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = Q: | %SystemRoot% = Q:\Windows | %ProgramFiles% = Q:\Program Files (x86) Drive C: | 833,85 Gb Total Space | 118,06 Gb Free Space | 14,16% Space Free | Partition Type: NTFS Drive F: | 498,51 Gb Total Space | 423,08 Gb Free Space | 84,87% Space Free | Partition Type: NTFS Drive H: | 97,66 Gb Total Space | 20,44 Gb Free Space | 20,93% Space Free | Partition Type: NTFS Drive Q: | 596,17 Gb Total Space | 348,08 Gb Free Space | 58,39% Space Free | Partition Type: NTFS Drive W: | 97,56 Gb Total Space | 35,76 Gb Free Space | 36,66% Space Free | Partition Type: NTFS Computer Name: FORSTI | User Name: Henning | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - Q:\Users\Henning\Downloads\OTL.exe (OldTimer Tools) PRC - Q:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft) PRC - Q:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - Q:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - Q:\Program Files\Avast5\AvastUI.exe (AVAST Software) PRC - Q:\Program Files\Avast5\AvastSvc.exe (AVAST Software) PRC - Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - Q:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - Q:\Program Files (x86)\World of Warcraft\WoW.exe (Blizzard Entertainment) PRC - Q:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.) PRC - Q:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - Q:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - Q:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) PRC - H:\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - H:\bin\postgres.exe (PostgreSQL Global Development Group) PRC - Q:\Windows\SysWOW64\XSrvSetup.exe () PRC - Q:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - Q:\Program Files (x86)\WEB.DE MultiMessenger\MESSENGR.EXE (WEB.DE GmbH) PRC - Q:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () PRC - Q:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - Q:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe (Adobe Systems Incorporated.) PRC - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSCore.exe (Adobe Systems Incorporated.) PRC - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSEdge.exe (Adobe Systems Incorporated.) PRC - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe (Adobe Systems Incorporated.) PRC - Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe (Apache Software Foundation) PRC - Q:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (SafeList) ========== MOD - Q:\Users\Henning\Downloads\OTL.exe (OldTimer Tools) MOD - Q:\Program Files\Avast5\snxhk.dll (AVAST Software) MOD - Q:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- Q:\Program Files\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (LBTServ) -- Q:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.) SRV:64bit: - (AppleChargerSrv) -- Q:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (LVPrcS64) -- Q:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV:64bit: - (WinDefend) -- Q:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- Q:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (O&O Defrag) -- Q:\Windows\SysNative\oodag.exe (O&O Software GmbH) SRV - (Lavasoft Ad-Aware Service) -- Q:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (TeamViewer6) -- Q:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Apple Mobile Device) -- Q:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TeamViewer5) -- Q:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (pgsql-8.3) -- H:\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (clr_optimization_v4.0.30319_32) -- Q:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (JMB36X) -- Q:\Windows\SysWOW64\XSrvSetup.exe () SRV - (clr_optimization_v2.0.50727_32) -- Q:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FMS) Flash Media Server (FMS) -- Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe (Adobe Systems Incorporated.) SRV - (FMSAdmin) -- Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe (Adobe Systems Incorporated.) SRV - (FMSHttpd) -- Q:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe (Apache Software Foundation) SRV - (SBSDWSCService) -- Q:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswMonFlt) -- Q:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (Lbd) -- Q:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (AppleCharger) -- Q:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (LUsbFilt) -- Q:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- Q:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- Q:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (JRAID) -- Q:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (nusb3xhc) -- Q:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- Q:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (LVUVC64) Logitech QuickCam E3500(UVC) -- Q:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- Q:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- Q:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- Q:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdsata) -- Q:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- Q:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- Q:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- Q:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- Q:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- Q:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- Q:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- Q:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- Q:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- Q:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- Q:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- Q:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RTL8167) -- Q:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (gdrv) -- Q:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (Lavasoft Kernexplorer) -- Q:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Q:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-810194560-4055037929-675005504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-810194560-4055037929-675005504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-810194560-4055037929-675005504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-810194560-4055037929-675005504-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 6E AE D4 45 58 CB 01 [binary data] IE - HKU\S-1-5-21-810194560-4055037929-675005504-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: Q:\Program Files (x86)\Mozilla Firefox\components [2011.01.01 15:05:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: Q:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.01 15:05:57 | 000,000,000 | ---D | M] [2010.10.10 23:55:20 | 000,000,000 | ---D | M] (No name found) -- Q:\Users\Henning\AppData\Roaming\mozilla\Extensions [2011.01.13 23:37:05 | 000,000,000 | ---D | M] (No name found) -- Q:\Users\Henning\AppData\Roaming\mozilla\Firefox\Profiles\zg0wlb8e.default\extensions [2010.10.10 23:56:05 | 000,000,000 | ---D | M] (DownloadHelper) -- Q:\Users\Henning\AppData\Roaming\mozilla\Firefox\Profiles\zg0wlb8e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.12.23 21:27:05 | 000,000,168 | ---- | M] () -- Q:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\zg0wlb8e.default\searchplugins\icqplugin.gif [2010.12.23 21:27:05 | 000,000,618 | ---- | M] () -- Q:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\zg0wlb8e.default\searchplugins\icqplugin.src [2011.01.10 13:44:51 | 000,001,056 | ---- | M] () -- Q:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\zg0wlb8e.default\searchplugins\icqplugin.xml [2011.01.06 23:56:35 | 000,000,000 | ---D | M] (No name found) -- Q:\Program Files (x86)\mozilla firefox\extensions [2010.11.09 13:18:43 | 000,000,000 | ---D | M] (Java Console) -- Q:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.06 23:56:35 | 000,000,000 | ---D | M] (Java Console) -- Q:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- Q:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- Q:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- Q:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- Q:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- Q:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- Q:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - Q:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O3 - HKU\S-1-5-21-810194560-4055037929-675005504-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] Q:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [OODefragTray] Q:\Windows\SysNative\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] Q:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] Q:\Program Files (x86)\Adobe Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] Q:\Program Files\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] Q:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] Q:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] Q:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NUSB3MON] Q:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] Q:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] Q:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-810194560-4055037929-675005504-1006..\Run: [Sidebar] Q:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-21-810194560-4055037929-675005504-1006..\RunOnce: [mctadmin] File not found O4 - Startup: Q:\Users\Henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sc2gears.exe - Verknüpfung.lnk = Q:\Program Files (x86)\Sc2gears\Sc2gears.exe (András Belcza) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Q:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Q:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Q:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Q:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Q:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Q:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - Q:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - Q:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - Q:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - q:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3982caca-a64f-11df-8203-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3982caca-a64f-11df-8203-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe O33 - MountPoints2\{83916d96-a651-11df-8efc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{83916d96-a651-11df-8efc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - Q:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - Q:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - Q:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - Q:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Q:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - Q:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - Q:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - Q:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - Q:\Windows\system32\Rundll32.exe Q:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - Q:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "Q:\Windows\System32\rundll32.exe" "Q:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - Q:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - Q:\Windows\SysWOW64\Rundll32.exe Q:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - Q:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "Q:\Windows\SysWOW64\rundll32.exe" "Q:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - Q:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.ac3acm - Q:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.divxa32 - Q:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation) Drivers32: msacm.l3acm - Q:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - Q:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: vidc.cvid - Q:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - Q:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - Q:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.FPS1 - Q:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - Q:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.tscc - Q:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation) Drivers32: VIDC.XVID - Q:\Windows\SysWow64\xvidvfw.dll () Drivers32: VIDC.YV12 - Q:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.01.13 23:58:47 | 000,000,000 | ---D | C] -- Q:\Users\Henning\Desktop\Chris Cappuchino [2011.01.13 22:43:23 | 000,069,152 | ---- | C] (Lavasoft AB) -- Q:\Windows\SysNative\drivers\Lbd.sys [2011.01.13 22:43:20 | 000,049,752 | ---- | C] (Sunbelt Software) -- Q:\Windows\SysNative\drivers\SBREDrv.sys [2011.01.13 22:42:47 | 000,000,000 | ---D | C] -- Q:\Users\Henning\AppData\Local\Sunbelt Software [2011.01.13 22:38:07 | 000,000,000 | -H-D | C] -- Q:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2011.01.13 22:38:04 | 000,000,000 | ---D | C] -- Q:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.01.13 22:38:04 | 000,000,000 | ---D | C] -- Q:\ProgramData\Lavasoft [2011.01.13 22:38:04 | 000,000,000 | ---D | C] -- Q:\Program Files (x86)\Lavasoft [2011.01.13 21:58:26 | 000,000,000 | ---D | C] -- Q:\Users\Henning\Desktop\backups [2011.01.13 16:51:59 | 000,000,000 | ---D | C] -- Q:\daten [2011.01.13 16:13:21 | 000,237,168 | ---- | C] (AVAST Software) -- Q:\Windows\SysNative\aswBoot.exe [2011.01.13 15:57:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- Q:\Users\Henning\Desktop\HijackThis (1).exe [2011.01.07 14:28:03 | 000,000,000 | ---D | C] -- Q:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.01.07 14:28:00 | 000,000,000 | ---D | C] -- Q:\Program Files (x86)\Spybot - Search & Destroy [2011.01.06 23:56:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- Q:\Windows\SysWow64\javaws.exe [2011.01.06 23:56:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- Q:\Windows\SysWow64\javaw.exe [2011.01.06 23:56:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- Q:\Windows\SysWow64\java.exe [2011.01.06 00:37:18 | 000,000,000 | ---D | C] -- Q:\Users\Henning\AppData\Local\{A1CC2818-2994-4906-92B9-187D4D89FC2D} [2011.01.06 00:31:39 | 000,000,000 | ---D | C] -- Q:\Program Files\Windows Live [2011.01.06 00:30:34 | 001,888,256 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\WMVDECOD.DLL [2011.01.06 00:30:34 | 001,619,456 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\WMVDECOD.DLL [2011.01.06 00:30:34 | 000,257,024 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\mfreadwrite.dll [2011.01.06 00:30:34 | 000,206,848 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\mfps.dll [2011.01.06 00:30:34 | 000,196,608 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\mfreadwrite.dll [2011.01.06 00:30:33 | 004,068,864 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\mf.dll [2011.01.06 00:30:33 | 003,181,568 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\mf.dll [2011.01.06 00:29:33 | 000,000,000 | ---D | C] -- Q:\Users\Henning\AppData\Local\Windows Live [2011.01.05 00:32:51 | 000,000,000 | ---D | C] -- Q:\Users\Henning\AppData\Roaming\Roaming [2011.01.04 17:42:33 | 000,000,000 | ---D | C] -- Q:\Users\Henning\Desktop\latest [2011.01.04 13:52:26 | 000,000,000 | ---D | C] -- Q:\Users\Henning\Desktop\www [2011.01.03 20:35:17 | 000,000,000 | ---D | C] -- Q:\Users\Henning\AppData\Local\Yahoo [2011.01.03 20:34:00 | 000,000,000 | ---D | C] -- Q:\ProgramData\Yahoo! [2011.01.03 20:32:34 | 000,000,000 | ---D | C] -- Q:\Program Files (x86)\Yahoo! [2011.01.01 15:07:35 | 000,000,000 | ---D | C] -- Q:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.01.01 15:07:13 | 000,000,000 | ---D | C] -- Q:\Program Files\iTunes [2011.01.01 15:07:13 | 000,000,000 | ---D | C] -- Q:\Program Files\iPod [2011.01.01 15:05:54 | 000,000,000 | ---D | C] -- Q:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2010.12.30 19:29:03 | 000,000,000 | ---D | C] -- Q:\Program Files (x86)\Google [2010.12.23 21:27:11 | 000,000,000 | ---D | C] -- Q:\Program Files (x86)\ICQ6Toolbar [2010.12.23 21:27:05 | 000,000,000 | ---D | C] -- Q:\ProgramData\ICQ [2010.12.23 21:26:53 | 000,000,000 | ---D | C] -- Q:\Users\Henning\AppData\Local\AOL [2010.12.16 19:31:38 | 000,000,000 | ---D | C] -- Q:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2010.12.16 19:31:38 | 000,000,000 | ---D | C] -- Q:\Program Files (x86)\Common Files\Skype [2010.12.16 16:43:39 | 000,000,000 | ---D | C] -- Q:\Users\Henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II [2010.12.16 08:35:16 | 000,112,000 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\consent.exe [2010.12.16 08:34:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\msfeeds.dll [2010.12.16 08:34:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\msfeeds.dll [2010.12.16 08:34:20 | 000,482,816 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\html.iec [2010.12.16 08:34:20 | 000,386,048 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\html.iec [2010.12.16 08:34:20 | 000,256,000 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\iepeers.dll [2010.12.16 08:34:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\ieui.dll [2010.12.16 08:34:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\iepeers.dll [2010.12.16 08:34:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\ieui.dll [2010.12.16 08:34:20 | 000,097,280 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\mshtmled.dll [2010.12.16 08:34:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\mshtmled.dll [2010.12.16 08:34:20 | 000,057,856 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\licmgr10.dll [2010.12.16 08:34:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\licmgr10.dll [2010.12.16 08:34:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\msfeedssync.exe [2010.12.16 08:34:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\msfeedssync.exe [2010.12.16 08:33:58 | 001,169,408 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\taskschd.dll [2010.12.16 08:33:58 | 000,524,288 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\wmicmiplugin.dll [2010.12.16 08:33:58 | 000,496,128 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\taskschd.dll [2010.12.16 08:33:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\taskcomp.dll [2010.12.16 08:33:58 | 000,464,384 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\taskeng.exe [2010.12.16 08:33:58 | 000,285,696 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\schtasks.exe [2010.12.16 08:33:57 | 000,305,152 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\taskcomp.dll [2010.12.16 08:33:57 | 000,179,712 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\schtasks.exe [2010.12.16 08:33:50 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- Q:\Windows\SysNative\atmfd.dll [2010.12.16 08:33:50 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- Q:\Windows\SysWow64\atmfd.dll [2010.12.16 08:33:50 | 000,046,080 | ---- | C] (Adobe Systems) -- Q:\Windows\SysNative\atmlib.dll [2010.12.16 08:33:50 | 000,034,304 | ---- | C] (Adobe Systems) -- Q:\Windows\SysWow64\atmlib.dll [2010.12.16 08:33:44 | 000,395,776 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysNative\webio.dll [2010.12.16 08:33:44 | 000,314,368 | ---- | C] (Microsoft Corporation) -- Q:\Windows\SysWow64\webio.dll ========== Files - Modified Within 30 Days ========== [2011.01.14 22:31:28 | 000,024,576 | ---- | M] () -- Q:\Users\Henning\Desktop\Abs.doc [2011.01.14 21:50:01 | 000,001,126 | ---- | M] () -- Q:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810194560-4055037929-675005504-1000UA.job [2011.01.14 19:50:00 | 000,001,074 | ---- | M] () -- Q:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810194560-4055037929-675005504-1000Core.job [2011.01.14 15:03:12 | 000,067,584 | --S- | M] () -- Q:\Windows\bootstat.dat [2011.01.13 23:03:35 | 000,014,096 | -H-- | M] () -- Q:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.13 23:03:35 | 000,014,096 | -H-- | M] () -- Q:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.13 22:55:58 | 3219,300,352 | -HS- | M] () -- Q:\hiberfil.sys [2011.01.13 22:55:57 | 000,131,531 | ---- | M] () -- Q:\Windows\SysNative\oodbs.lor [2011.01.13 22:43:20 | 000,049,752 | ---- | M] (Sunbelt Software) -- Q:\Windows\SysNative\drivers\SBREDrv.sys [2011.01.13 22:43:19 | 000,015,880 | ---- | M] () -- Q:\Windows\SysNative\lsdelete.exe [2011.01.13 22:38:06 | 000,001,156 | ---- | M] () -- Q:\Users\Public\Desktop\Ad-Aware.lnk [2011.01.13 21:46:37 | 000,201,030 | ---- | M] () -- Q:\Users\Henning\Desktop\lspfix_1.1_uni.zip [2011.01.13 16:13:21 | 000,000,000 | ---- | M] () -- Q:\Windows\SysWow64\config.nt [2011.01.13 15:57:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- Q:\Users\Henning\Desktop\HijackThis (1).exe [2011.01.13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- Q:\Windows\avastSS.scr [2011.01.13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- Q:\Windows\SysWow64\aswBoot.exe [2011.01.13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- Q:\Windows\SysNative\aswBoot.exe [2011.01.13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- Q:\Windows\SysNative\drivers\aswSP.sys [2011.01.13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- Q:\Windows\SysNative\drivers\aswTdi.sys [2011.01.13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- Q:\Windows\SysNative\drivers\aswRdr.sys [2011.01.13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- Q:\Windows\SysNative\drivers\aswMonFlt.sys [2011.01.13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- Q:\Windows\SysNative\drivers\aswFsBlk.sys [2011.01.13 05:58:12 | 000,029,352 | ---- | M] () -- Q:\Users\Henning\Desktop\Chemie_111.pdf [2011.01.12 23:51:50 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- Q:\Windows\gdrv.sys [2011.01.08 22:54:40 | 006,046,208 | ---- | M] () -- Q:\Users\Henning\Desktop\flashmedialiveencoder-v3.1_signed (1).msi [2011.01.08 15:02:14 | 000,058,049 | ---- | M] () -- Q:\Users\Henning\Desktop\75138_161005147271807_100000869676106_301877_3455157_n.jpg [2011.01.05 20:04:11 | 000,000,000 | ---- | M] () -- Q:\Windows\SysNative\drivers\lvuvc.hs [2011.01.05 14:59:11 | 000,082,226 | ---- | M] () -- Q:\Users\Henning\Desktop\xspliterror.jpg [2011.01.04 02:57:37 | 000,106,202 | ---- | M] () -- Q:\Users\Henning\Desktop\Unbenannt.jpg [2011.01.02 15:06:18 | 003,308,934 | ---- | M] () -- Q:\Users\Henning\Desktop\latest.zip [2011.01.01 15:07:22 | 001,498,506 | ---- | M] () -- Q:\Windows\SysNative\PerfStringBackup.INI [2011.01.01 15:07:22 | 000,653,928 | ---- | M] () -- Q:\Windows\SysNative\perfh007.dat [2011.01.01 15:07:22 | 000,615,810 | ---- | M] () -- Q:\Windows\SysNative\perfh009.dat [2011.01.01 15:07:22 | 000,129,800 | ---- | M] () -- Q:\Windows\SysNative\perfc007.dat [2011.01.01 15:07:22 | 000,106,190 | ---- | M] () -- Q:\Windows\SysNative\perfc009.dat [2011.01.01 15:01:31 | 000,018,960 | ---- | M] (Logitech, Inc.) -- Q:\Windows\SysNative\drivers\LNonPnP.sys [2010.12.16 17:21:20 | 000,311,104 | ---- | M] () -- Q:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.01.14 22:02:06 | 000,015,880 | ---- | C] () -- Q:\Windows\SysNative\lsdelete.exe [2011.01.14 04:24:44 | 000,024,576 | ---- | C] () -- Q:\Users\Henning\Desktop\Abs.doc [2011.01.13 22:38:06 | 000,001,156 | ---- | C] () -- Q:\Users\Public\Desktop\Ad-Aware.lnk [2011.01.13 21:46:39 | 000,201,030 | ---- | C] () -- Q:\Users\Henning\Desktop\lspfix_1.1_uni.zip [2011.01.13 05:58:12 | 000,029,352 | ---- | C] () -- Q:\Users\Henning\Desktop\Chemie_111.pdf [2011.01.08 22:54:43 | 006,046,208 | ---- | C] () -- Q:\Users\Henning\Desktop\flashmedialiveencoder-v3.1_signed (1).msi [2011.01.08 15:02:03 | 000,058,049 | ---- | C] () -- Q:\Users\Henning\Desktop\75138_161005147271807_100000869676106_301877_3455157_n.jpg [2011.01.05 14:59:10 | 000,082,226 | ---- | C] () -- Q:\Users\Henning\Desktop\xspliterror.jpg [2011.01.02 15:06:14 | 003,308,934 | ---- | C] () -- Q:\Users\Henning\Desktop\latest.zip [2010.11.29 16:07:39 | 000,003,584 | ---- | C] () -- Q:\Users\Henning\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.16 21:41:29 | 000,007,605 | ---- | C] () -- Q:\Users\Henning\AppData\Local\Resmon.ResmonCfg [2010.08.28 04:13:37 | 000,000,000 | ---- | C] () -- Q:\Windows\HMHud.INI [2010.08.18 05:13:29 | 000,067,582 | ---- | C] () -- Q:\Program Files (x86)\hminstalllog.txt [2010.08.15 22:10:34 | 000,021,840 | ---- | C] () -- Q:\Windows\SysWow64\SIntfNT.dll [2010.08.15 22:10:34 | 000,017,212 | ---- | C] () -- Q:\Windows\SysWow64\SIntf32.dll [2010.08.15 22:10:34 | 000,012,067 | ---- | C] () -- Q:\Windows\SysWow64\SIntf16.dll [2010.08.15 11:50:07 | 000,027,648 | ---- | C] () -- Q:\Windows\SysWow64\AVSredirect.dll [2010.08.12 22:54:26 | 000,165,376 | ---- | C] () -- Q:\Windows\SysWow64\unrar.dll [2010.08.12 22:54:26 | 000,000,038 | ---- | C] () -- Q:\Windows\avisplitter.ini [2010.08.12 22:54:22 | 000,790,528 | ---- | C] () -- Q:\Windows\SysWow64\xvidcore.dll [2010.08.12 22:54:22 | 000,134,144 | ---- | C] () -- Q:\Windows\SysWow64\xvidvfw.dll [2010.08.12 22:54:22 | 000,108,032 | ---- | C] () -- Q:\Windows\SysWow64\ff_vfw.dll [2010.08.12 22:19:55 | 000,000,056 | -H-- | C] () -- Q:\ProgramData\ezsidmv.dat [2010.08.12 21:31:41 | 000,000,010 | ---- | C] () -- Q:\Windows\GSetup.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- Q:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- Q:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.12.11 12:19:52 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\.minecraft [2011.01.04 19:09:07 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\FileZilla [2010.09.28 10:13:30 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\GrabPro [2011.01.13 06:05:35 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\HEM Data [2010.08.12 22:08:16 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Leadertech [2010.09.21 12:54:04 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\LolClient [2010.10.06 17:41:00 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\ManyCam [2011.01.09 17:35:18 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\NoNameScript [2010.10.09 01:27:16 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Octoshape [2010.10.06 17:39:06 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Orbit [2010.08.20 21:15:13 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\postgresql [2010.09.28 10:13:32 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\ProgSense [2011.01.05 00:32:51 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Roaming [2011.01.05 00:45:59 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\TeamViewer [2010.08.14 15:15:15 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\TS3Client [2011.01.12 23:48:42 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\uTorrent [2010.08.20 16:01:22 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\WEB.DE [2009.07.14 06:08:49 | 000,030,870 | ---- | M] () -- Q:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.11 12:19:52 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\.minecraft [2010.08.20 05:16:10 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Adobe [2010.08.27 12:24:17 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Apple Computer [2010.09.21 02:25:03 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\DivX [2010.10.11 01:29:11 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\dvdcss [2011.01.04 19:09:07 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\FileZilla [2010.09.28 10:13:30 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\GrabPro [2011.01.13 17:48:53 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\GRETECH [2011.01.13 06:05:35 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\HEM Data [2010.08.12 21:26:04 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Identities [2010.08.12 22:08:16 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Leadertech [2010.08.12 22:07:17 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Logishrd [2010.08.12 22:08:20 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Logitech [2010.09.21 12:54:04 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\LolClient [2010.08.12 21:41:09 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Macromedia [2010.10.06 17:41:00 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\ManyCam [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Media Center Programs [2010.08.16 01:20:35 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Media Player Classic [2010.10.25 12:29:08 | 000,000,000 | --SD | M] -- Q:\Users\Henning\AppData\Roaming\Microsoft [2010.08.13 18:31:22 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\mIRC [2010.10.10 23:55:20 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Mozilla [2011.01.09 17:35:18 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\NoNameScript [2010.10.09 01:27:16 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Octoshape [2010.10.06 17:39:06 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Orbit [2010.08.20 21:15:13 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\postgresql [2010.09.28 10:13:32 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\ProgSense [2011.01.05 00:32:51 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Roaming [2011.01.14 22:43:00 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Skype [2011.01.14 16:03:05 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\skypePM [2011.01.05 00:45:59 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\TeamViewer [2010.08.14 15:15:15 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\TS3Client [2011.01.12 23:48:42 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\uTorrent [2011.01.13 15:55:20 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\vlc [2010.08.20 16:01:22 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\WEB.DE [2010.09.17 16:34:19 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\Winamp [2010.08.14 14:22:19 | 000,000,000 | ---D | M] -- Q:\Users\Henning\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.08.14 14:25:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- Q:\Users\Henning\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.10.06 17:43:15 | 000,348,160 | ---- | M] (Octoshape ApS) -- Q:\Users\Henning\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [2010.08.12 22:49:05 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- Q:\Users\Henning\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2010.11.19 05:29:39 | 000,013,406 | R--- | M] () -- Q:\Users\Henning\AppData\Roaming\Microsoft\Installer\{5049FE6D-46A4-4BA4-B9A9-6406AFAAB60D}\_7AFB5B43AAE2BA1F48AA03.exe [2010.11.19 05:29:39 | 000,013,406 | R--- | M] () -- Q:\Users\Henning\AppData\Roaming\Microsoft\Installer\{5049FE6D-46A4-4BA4-B9A9-6406AFAAB60D}\_E0F6AE1A6CFBD68573FC5A.exe [2008.09.17 09:23:20 | 000,094,572 | ---- | M] (ESNation) -- Q:\Users\Henning\AppData\Roaming\NoNameScript\nnrepair.exe [2010.05.22 08:00:28 | 000,105,731 | ---- | M] (ESNation) -- Q:\Users\Henning\AppData\Roaming\NoNameScript\nnuninstall.exe [2009.01.08 14:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- Q:\Users\Henning\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- Q:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- Q:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- Q:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- Q:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- Q:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- Q:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- Q:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- Q:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- Q:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- Q:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- Q:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- Q:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- Q:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- Q:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- Q:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- Q:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- Q:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- Q:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- Q:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- Q:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- Q:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- Q:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- Q:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- Q:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- Q:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- Q:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- Q:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- Q:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- Q:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- Q:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- Q:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- Q:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- Q:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- Q:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- Q:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- Q:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- Q:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- Q:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- Q:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- Q:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- Q:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- Q:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- Q:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- Q:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- Q:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- Q:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- Q:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- Q:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- Q:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- Q:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- Q:\Windows\SysWOW64\dxtmsft.dll [2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- Q:\Windows\SysWOW64\dxtrans.dll [2010.11.04 06:48:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- Q:\Windows\SysWOW64\iepeers.dll ========== Files - Unicode (All) ========== (Q:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????? II) -- Q:\ProgramData\Microsoft\Windows\Start Menu\Programs\스타크래프트 II ========== Alternate Data Streams ========== @Alternate Data Stream - 4 bytes -> Q:\test.txt:CheckNtfs @Alternate Data Stream - 133 bytes -> Q:\ProgramData\TEMP:05EE1EEF < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.01.2011 22:41:54 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = Q:\Users\Henning\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
8,00 Gb Paging File | 2,00 Gb Available in Paging File | 30,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = Q: | %SystemRoot% = Q:\Windows | %ProgramFiles% = Q:\Program Files (x86)
Drive C: | 833,85 Gb Total Space | 118,06 Gb Free Space | 14,16% Space Free | Partition Type: NTFS
Drive F: | 498,51 Gb Total Space | 423,08 Gb Free Space | 84,87% Space Free | Partition Type: NTFS
Drive H: | 97,66 Gb Total Space | 20,44 Gb Free Space | 20,93% Space Free | Partition Type: NTFS
Drive Q: | 596,17 Gb Total Space | 348,08 Gb Free Space | 58,39% Space Free | Partition Type: NTFS
Drive W: | 97,56 Gb Total Space | 35,76 Gb Free Space | 36,66% Space Free | Partition Type: NTFS
Computer Name: FORSTI | User Name: Henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- Q:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Q:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- Q:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-810194560-4055037929-675005504-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Q:\Users\Henning\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "Q:\Windows\System32\rundll32.exe" "Q:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "Q:\Windows\System32\rundll32.exe" "Q:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "Q:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Q:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "Q:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "Q:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "Q:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "Q:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "Q:\Windows\System32\rundll32.exe" "Q:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "Q:\Windows\System32\rundll32.exe" "Q:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "Q:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Q:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "Q:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "Q:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "Q:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "Q:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{427FC0B8-C83A-4A0D-953F-A9AFB35BA7BB}" = SplitMediaLabs VH Screen Capture Driver (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90CE0915-BA91-415E-8A0A-76FE873392ED}" = O&O Defrag Professional
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0409.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5049FE6D-46A4-4BA4-B9A9-6406AFAAB60D}" = TableNinja
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A7FC60-7A31-49F4-AF41-A67833BF6A8A}" = XSplit
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Media Server 3.5.1_is1" = Adobe Flash Media Server 3.5.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.5.1
"Fraps" = Fraps (remove only)
"GOM Player" = GOM Player
"HoldemManager" = Holdem Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
"League of Legends_is1" = League of Legends
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PokerStars" = PokerStars
"StarCraft II" = StarCraft II
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"VH Toolkit_is1" = VH Toolkit 1.0.46.0
"VLC media player" = VLC media player 1.0.5
"WEB.DE MultiMessenger" = WEB.DE MultiMessenger
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"스타크래프트 II" = 스타크래프트 II
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-810194560-4055037929-675005504-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NoNameScript" = NNScript
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
15.01.2011, 14:41
| #4 |
| /// Malware-holic | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden was ist mit der frage die ich gestellt hab.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2011, 17:42
| #5 |
| | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden ja das passwort war nicht kryptisch, sondern wort+zahl. Eben mein (nun ehemaliges) Standardpasswort für unwichtigere Sachen. Trotzdem nun keins das man erraten kann oder mit mir persönlich zusammenhängt (nicht mein vorname etc.) |
|
15.01.2011, 17:58
| #6 |
| /// Malware-holic | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten. b
__________________ --> Battle.net (wow) Account gehackt - Trotzdem nichts zu finden |
|
17.01.2011, 01:53
| #7 |
| | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden ich denke das ist auch alles nicht verantwortlich für einen acc hack: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5527
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
16.01.2011 13:16:12
mbam-log-2011-01-16 (13-16-12).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|H:\|Q:\|W:\|)
Durchsuchte Objekte: 443271
Laufzeit: 47 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
q:\Users\Henning\Desktop\desktop\redvex_3.0.1_11-28-07\d2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
w:\$Recycle.Bin\s-1-5-21-863568611-2836994588-1670518758-1001\$RQRDWPY.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
w:\$Recycle.Bin\s-1-5-21-863568611-2836994588-1670518758-1001\$RV2T7C1\Awesom-O.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
w:\Poker\william hill poker\_setuppoker_da4aa8_en.exe (PUP.Casino) -> Quarantined and deleted successfully.
w:\Users\Henning\downloads\setuppoker_da4aa8_en.exe (PUP.Casino) -> Quarantined and deleted successfully.
|
|
17.01.2011, 13:28
| #8 |
| /// Malware-holic | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden was haben denn adaware und spybot gefunden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.01.2011, 15:54
| #9 |
| | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden Spybot fand die üblichen Eintraege von tradedoubler etc. Adaware hingegen hatte 3 Dateien gefunden die aehnlich wie bei deinem tool seit monaten/jahren vor sich hin vegetieren und eher eine signatur als einen trojaner aufgewiesen haben. adaware verschwindet allerdings auch nach rund 3 stunden scan. ich musste adaware mehrfach laufen lassen und als er die 3 dateien fand, habe ich den scan abgebrochen und sie entfernen lassen. falls da also irgendwas anderes adaware beendet, ist adaware das falsche tool um es zu entfernen. alles in allem sehr mysteriös. vielleicht habe ich das Pw auch einfach mal für die falsche Seite benutzt und der/die Hacker konnten deshalb auf den wow account. wie gesagt: das pw war mein standardpw für eher unwichtige sachen. falls dir also nichts mehr einfällt, wie man suchen könnte, würde ich es dieses erste mal vielleicht auch einfach auf sich beruhen lassen. mein wow acc ist nun seit 2 tagen wieder aktiv und ich copy&paste das völlig neue passwort im moment in den loginscreen. Meine erste Vermutung war das Addontool von Curse-Gaming, welches dauernd laufen muss und bei einem Freund das gesamte wow zerstückelt hatte. Vielleicht ist da ja was faul gewesen? ich bin zumindest ratlos. obwohl ich nicht super viel ahnung habe, sollte man ja jedenfalls irgendwie irgendwas mit all diesen scannern gefunden haben, oder? |
|
17.01.2011, 16:17
| #10 |
| /// Malware-holic | Battle.net (wow) Account gehackt - Trotzdem nichts zu finden also von meiner seite aus sieht alles gut aus.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Battle.net (wow) Account gehackt - Trotzdem nichts zu finden |
| adobe, antivirus, avast, avast!, battle.net, bho, desktop, entfernen, explorer, google, hijack, hijackthis, internet, internet explorer, keylogger or backdoor, log, logfile, monitor, nvidia, object, plug-in, router, safer networking, security, senden, server, software, syswow64, trojaner, usb, usb 3.0, windows, wmp, wow account |
Linear-Darstellung
