| |
| |||||||
Log-Analyse und Auswertung: Schwarzer Bildschirm + PC läuft + im Hintergrund läuft wohl ein Video o.OWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.01.2011, 11:57
| #1 |
| |  Schwarzer Bildschirm + PC läuft + im Hintergrund läuft wohl ein Video o.O Hallo Liebe Community, nun Poste ich mal ein sehr seltsames Ereigniss. Seit einiger Zeit wenn der Pc etwas länger läuft und ich z.B. Zocke, wird der Bildschirm auf einmal Schwarz, der Pc läuft aber ich kann z.B. im Teamspeak mich nichtmehr mit jemandem unterhalten. Dazu kommt das ich über die Lautsprecher seltsame Geräusche höre. Es hört sich an wie in einer Werkstatt und ein Motorrad fährt ... sehr sehr komisch, da ich kein Video auf dem Rechner habe, in welchem ein Motorrad vorkommt. Zudem geht abundzu Werbung auf. Und BF Bad Commpany 2 stürzt einfach so ab. Ich hoffe ihr könnt mir bei meinem Problem helfen. Vielen dank schonmal im Vorraus!!! Ps: Dazu muss ich sagen ich habe Win 7 32Bit drauf. MBam - Log Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5564
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.01.2011 10:55:37
mbam-log-2011-01-21 (10-55-37).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142843
Laufzeit: 4 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:01 on 21/01/2011 (Fabian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Code:
ATTFilter GMER Logfile: OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.01.2011 11:38:48 - Run 1 OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Fabian\Desktop\MFTools An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,43 Gb Total Space | 6,70 Gb Free Space | 9,00% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 179,99 Gb Free Space | 60,38% Space Free | Partition Type: NTFS Computer Name: FABI | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.21 10:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\MFTools\OTL.exe PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010.12.14 14:04:48 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2010.12.14 14:03:16 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2010.12.12 19:56:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.12.12 17:41:23 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.06 13:10:53 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.06 13:10:53 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.06.02 15:58:20 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.19 18:43:14 | 000,135,168 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe PRC - [2009.11.16 13:25:32 | 000,131,072 | ---- | M] () -- C:\Programme\Razer\Copperhead\razertra.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2007.09.20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.09.13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.09.13 13:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe PRC - [2007.07.10 21:19:24 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2007.07.10 21:15:14 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe PRC - [2007.06.26 16:37:54 | 000,320,784 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe PRC - [2007.06.26 16:37:30 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\LCDMon.exe PRC - [2007.06.26 16:37:18 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe PRC - [2007.06.26 16:36:42 | 000,387,856 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe PRC - [2007.06.26 16:36:32 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe PRC - [2007.04.25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.04.25 12:18:52 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.01.09 09:48:58 | 000,147,456 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Copperhead\razerofa.exe ========== Modules (SafeList) ========== MOD - [2011.01.21 10:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\MFTools\OTL.exe MOD - [2010.11.04 06:48:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll MOD - [2010.03.25 16:17:22 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll MOD - [2010.03.25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL MOD - [2010.03.25 03:45:24 | 008,945,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\1031\GrooveIntlResource.dll MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2009.07.14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2009.06.10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll MOD - [2009.06.10 22:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.14 14:03:16 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.12.14 14:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.12.12 17:41:23 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.06 13:10:53 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.04 19:35:22 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.06.02 15:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2007.09.20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.09.13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.07.10 21:15:14 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc) SRV - [2007.04.25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) ========== Driver Services (SafeList) ========== DRV - [2011.01.08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.12.20 12:28:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.22 13:33:35 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.22 19:36:45 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.01.01 18:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.11.10 15:50:08 | 000,012,416 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\copperhd.sys -- (UsbFltr) DRV - [2009.08.28 09:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.08.21 05:38:10 | 000,020,480 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\omci.sys -- (OMCI) DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.09.13 13:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.06.05 16:57:48 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2007.04.25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007.03.05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:56:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 14:13:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.12 17:43:15 | 000,000,000 | ---D | M] [2010.02.04 18:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions [2010.02.04 18:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.12.20 12:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.02.04 21:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2010.09.28 10:17:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.22 13:48:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.20 12:45:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.02.04 21:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.07 23:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.04.07 16:29:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.07 16:29:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.07 16:29:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.07 16:29:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.07 16:29:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.22 19:51:59 | 000,001,498 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Copperhead] C:\Programme\Razer\Copperhead\razerhid.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe (Logitech Inc.) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6a6574e9-23ca-11df-8e95-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{6a6574e9-23ca-11df-8e95-00219bec983c}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{7b86f3f9-a48a-11df-9f65-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{7b86f3f9-a48a-11df-9f65-00219bec983c}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9f6a037c-1d68-11e0-9cef-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{9f6a037c-1d68-11e0-9cef-00219bec983c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (autocheck turegopt /AM) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2011.01.21 10:50:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.01.21 10:50:14 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.01.21 10:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.01.21 10:45:06 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes [2011.01.21 10:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.21 10:44:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.21 10:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.21 10:44:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.21 10:44:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.21 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\MFTools [2011.01.20 10:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\YxljdvsPl [2011.01.19 23:22:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.19 23:14:26 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.01.18 18:44:21 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.01.18 18:44:05 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.01.18 18:44:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.01.18 18:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.01.18 18:43:31 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011 [2011.01.18 18:30:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.01.17 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\NTA Sem 5 [2011.01.13 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\nHancer [2011.01.13 09:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.01.13 09:34:10 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2011.01.13 09:33:46 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.01.13 09:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2011.01.13 09:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer [2011.01.13 00:38:18 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\PunkBuster [2011.01.13 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\BFBC2 [2011.01.13 00:37:37 | 000,000,000 | RH-D | C] -- C:\Users\Fabian\AppData\Roaming\SecuROM [2011.01.12 16:07:44 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Electronic Arts [2011.01.12 16:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.01.12 16:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011.01.12 16:07:24 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts [2011.01.12 15:53:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Ea key [2011.01.11 11:22:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\U3 [2011.01.09 22:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.01.09 18:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.01.04 11:45:03 | 000,000,000 | --SD | C] -- C:\Users\Fabian\Documents\Meine Shapes [2011.01.04 10:59:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\.mogwai [2011.01.01 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Avira ========== Files - Modified Within 30 Days ========== [2011.01.21 11:05:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 11:05:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 10:58:18 | 000,000,063 | ---- | M] () -- C:\Windows\System32\everest_cpl.ini [2011.01.21 10:57:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.21 10:56:51 | 000,000,176 | ---- | M] () -- C:\Users\Fabian\defogger_reenable [2011.01.21 10:50:25 | 000,001,078 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.01.21 10:43:20 | 000,296,448 | ---- | M] () -- C:\Users\Fabian\Desktop\g2m3e4r.exe [2011.01.21 10:43:19 | 000,050,477 | ---- | M] () -- C:\Users\Fabian\Desktop\defogger.exe [2011.01.21 10:42:39 | 000,471,612 | ---- | M] () -- C:\Users\Fabian\Desktop\Load.exe [2011.01.20 13:07:41 | 000,138,416 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.20 13:07:36 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.20 11:09:48 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.01.19 23:11:10 | 000,089,214 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.01.19 23:11:10 | 000,089,214 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.01.19 12:13:27 | 005,086,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.19 12:13:27 | 001,949,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.19 12:13:27 | 001,545,764 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.19 12:13:27 | 001,382,354 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.15 12:58:33 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.01.13 00:35:53 | 000,138,056 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\PnkBstrK.sys [2011.01.13 00:35:17 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.01.12 00:15:42 | 000,199,066 | ---- | M] () -- C:\Users\Fabian\Documents\ts3_clientui-win32-12815-2011-01-12 00_15_39.609203.dmp [2011.01.08 04:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.01.08 04:27:00 | 000,004,756 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2011.01.04 10:30:43 | 000,000,132 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Adobe PNG Format CS5 Prefs ========== Files Created - No Company Name ========== [2011.01.21 10:56:39 | 000,000,176 | ---- | C] () -- C:\Users\Fabian\defogger_reenable [2011.01.21 10:50:25 | 000,001,078 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.01.21 10:43:19 | 000,296,448 | ---- | C] () -- C:\Users\Fabian\Desktop\g2m3e4r.exe [2011.01.21 10:43:19 | 000,050,477 | ---- | C] () -- C:\Users\Fabian\Desktop\defogger.exe [2011.01.21 10:42:34 | 000,471,612 | ---- | C] () -- C:\Users\Fabian\Desktop\Load.exe [2011.01.13 09:34:46 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2011.01.13 00:38:27 | 000,270,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.13 00:35:53 | 000,138,416 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.13 00:35:53 | 000,138,056 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\PnkBstrK.sys [2011.01.13 00:35:22 | 000,270,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.01.13 00:35:22 | 000,270,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.01.13 00:35:17 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.01.13 00:35:17 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.01.12 00:15:39 | 000,199,066 | ---- | C] () -- C:\Users\Fabian\Documents\ts3_clientui-win32-12815-2011-01-12 00_15_39.609203.dmp [2010.11.17 12:26:19 | 000,000,067 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\f54616158.bat [2010.11.17 12:25:30 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.10.25 16:55:17 | 000,000,132 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.10.25 13:50:12 | 000,000,132 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.07.01 12:46:25 | 000,003,584 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.05 10:18:06 | 000,000,063 | ---- | C] () -- C:\Windows\System32\everest_cpl.ini [2010.02.04 21:50:23 | 000,007,603 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg [2010.02.04 20:41:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2010.02.04 19:06:59 | 000,089,214 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.04 19:06:58 | 000,089,214 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.04.25 13:17:23 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Azureus [2010.06.25 10:06:53 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.06.22 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DAEMON Tools Lite [2011.01.20 20:32:07 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2011.01.13 10:19:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\nHancer [2010.07.16 16:21:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenCandy [2010.05.11 20:51:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u [2010.09.28 13:59:37 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Subversion [2010.02.04 18:58:39 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Thunderbird [2010.08.12 19:14:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client [2011.01.20 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software [2010.07.16 16:21:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Uniblue [2010.12.16 10:39:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.02.05 09:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.02.05 09:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.01.21 10:57:43 | 2145,452,032 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll [2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll [2009.07.14 02:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 09:17:45 ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\ICQ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 757 bytes -> C:\Users\Fabian\Documents\Re defekter Artikel.eml:OECustomProperty < End of report > Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.01.2011 11:38:48 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Fabian\Desktop\MFTools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 6,70 Gb Free Space | 9,00% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 179,99 Gb Free Space | 60,38% Space Free | Partition Type: NTFS
Computer Name: FABI | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{449801F1-65B0-46F5-B4C5-1EF464EF7214}" = Mobile Mouse Server
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"f031ef6ac137efc5" = Dell Driver Download Manager
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.01.2011 07:13:24 | Computer Name = Fabi | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 19.01.2011 07:13:24 | Computer Name = Fabi | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 19.01.2011 07:13:24 | Computer Name = Fabi | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 19.01.2011 13:33:24 | Computer Name = Fabi | Source = Bonjour Service | ID = 100
Description = 188: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.01.2011 13:33:24 | Computer Name = Fabi | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.01.2011 13:33:24 | Computer Name = Fabi | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = VSS | ID = 13
Description =
Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = VSS | ID = 12292
Description =
Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = VSS | ID = 8193
Description =
Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 21.01.2011 05:10:22 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.01.2011 05:17:50 | Computer Name = Fabi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
(Definition 1.97.22.0)
Error - 21.01.2011 05:45:54 | Computer Name = Fabi | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 21.01.2011 05:46:27 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.01.2011 05:46:45 | Computer Name = Fabi | Source = Service Control Manager | ID = 7034
Description = Dienst "Dell Energieverwaltung der internen Netzwerkkarte" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert.
Error - 21.01.2011 05:48:16 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.01.2011 05:57:00 | Computer Name = Fabi | Source = DCOM | ID = 10010
Description =
Error - 21.01.2011 05:57:07 | Computer Name = Fabi | Source = Service Control Manager | ID = 7034
Description = Dienst "Dell Energieverwaltung der internen Netzwerkkarte" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert.
Error - 21.01.2011 05:58:31 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.01.2011 06:33:09 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
[/CODE] Geändert von Einsa (21.01.2011 um 12:56 Uhr) |
| Themen zu Schwarzer Bildschirm + PC läuft + im Hintergrund läuft wohl ein Video o.O |
| alternate, askbar, avgntflt.sys, bildschirm, community, corp./icp, document, einfach, einiger, erhalte, excel.exe, fontcache, geräusche, hintergrund, hoffe, iastor.sys, install.exe, komisch, launch, lautsprecher, location, locker, länger, microsoft office word, mozilla thunderbird, ntdll.dll, nvlddmkm.sys, nvstor.sys, oldtimer, pc läuft, plug-in, poste, problem, programdata, rechner, saver, schonmal, schwarz, schwarzer, schwarzer bildschirm, searchplugins, seltsames, shell32.dll, sptd.sys, start menu, stürzt, system restore, teamspeak, video, vlc media player, webcheck, welchem, werbung, werkstatt |
Baum-Darstellung