|
Plagegeister aller Art und deren Bekämpfung: kazy.mekml.1 seit gerade ebenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.04.2011, 08:49 | #1 |
| kazy.mekml.1 seit gerade eben Seit gut einer stunde bin ich von oben genanntem Trojaner betroffen es kommen immer meldungen Kritischer festplattenfehler desktop ist schwarz nur papierkorb zu sehen schnellstart usw.. alles leer habe ein wenig im forum geschaut und schonmal die logfiles mit OTL gemacht nutze den laptop im mom im abgesicherten Modus Dake schonmal OTL.txt Code:
ATTFilter OTL logfile created on: 21.04.2011 09:30:52 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Mozilla Downloads\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Mozilla Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (McAfee SiteAdvisor Service) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- D:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (StarWindServiceAE) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (SbieDrv) -- D:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (GarenaPEngine) -- C:\Users\Meier\AppData\Local\Temp\EIYFBAE.tmp () DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.25 18:41:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.03.25 18:41:01 | 000,000,000 | ---D | M] [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions [2011.04.20 16:21:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions [2010.07.23 14:11:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.28 18:36:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.26 14:18:16 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\eafo3fflauncher@ea.com [2010.08.28 13:49:49 | 000,000,000 | -H-D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\speedtest@gotomyhelp.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (Stealthy) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com\chrome [2009.10.28 21:30:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.08.16 13:19:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.08.19 09:56:53 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.16 20:01:37 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.02.04 12:16:35 | 000,000,000 | ---D | M] (Hide My IP) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\STAFF@HIDE-MY-IP.COM O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust) O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell - "" = AutoRun O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell\AutoRun\command - "" = F:\Set-up.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MTInstall.exe O33 - MountPoints2\G\Shell\directx\command - "" = G:\Redist\directx8a\dxsetup.exe O33 - MountPoints2\G\Shell\Gamespy\command - "" = G:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe O33 - MountPoints2\G\Shell\setup\command - "" = G:\MTInstall.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Meier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: NBAgent - hkey= - key= - D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe () MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) MsConfig - StartUpReg: Steam - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.mjpg - pvmjpg30.dll File not found Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 08:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.15 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.15 16:14:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 16:14:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 16:14:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.15 16:14:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 16:14:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 16:14:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.15 16:14:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 16:14:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 16:14:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.15 16:14:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.15 16:14:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.15 16:14:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.15 16:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.15 16:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.15 16:14:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.15 16:14:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.15 16:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.15 16:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.15 16:14:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.15 16:13:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 16:13:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 16:13:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 16:13:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 16:13:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 16:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.08 12:19:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus [2011.04.08 12:13:16 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.03.27 08:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Local\Microsoft Games [2011.03.23 13:19:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 13:19:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 09:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 09:11:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960 [2011.04.21 08:54:43 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42589960r [2011.04.21 08:54:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42589960 [2011.04.21 08:41:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~46128904 [2011.04.21 08:41:46 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46128904r [2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk [2011.04.21 08:41:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46128904 [2011.04.21 08:32:28 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.21 06:52:17 | 000,632,252 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 06:52:17 | 000,598,900 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 06:52:17 | 000,127,464 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 06:52:17 | 000,104,914 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.20 20:32:18 | 000,171,008 | -H-- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.04.15 18:32:00 | 003,810,392 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.08 12:19:07 | 000,000,777 | -H-- | M] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:17:05 | 000,001,032 | -H-- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.08 12:17:01 | 000,000,849 | -H-- | M] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 12:14:09 | 000,015,008 | -H-- | M] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | M] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.03.27 08:39:50 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 08:54:43 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~42589960 [2011.04.21 08:54:43 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42589960r [2011.04.21 08:54:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42589960 [2011.04.21 08:41:46 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~46128904 [2011.04.21 08:41:46 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~46128904r [2011.04.21 08:41:45 | 000,000,583 | -H-- | C] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk [2011.04.21 08:41:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\46128904 [2011.04.08 12:19:07 | 000,000,777 | -H-- | C] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:13:19 | 000,000,849 | -H-- | C] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 11:13:59 | 000,015,008 | -H-- | C] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | C] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.02 13:17:36 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.11.07 20:54:46 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat [2010.10.31 15:25:58 | 000,001,666 | -H-- | C] () -- C:\Windows\Sandboxie.ini [2010.10.25 14:48:52 | 000,000,331 | -H-- | C] () -- C:\Windows\SIERRA.INI [2010.10.25 10:20:49 | 000,000,556 | -H-- | C] () -- C:\Windows\ODBC.INI [2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.09.24 21:47:43 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2010.08.25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.24 17:46:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.08.03 15:14:30 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\MafiaSetup.exe [2010.07.26 14:20:42 | 000,139,152 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys [2010.07.26 10:58:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.26 10:58:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.24 16:11:17 | 000,000,013 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\Update.cfg [2010.07.23 21:15:01 | 001,970,176 | -H-- | C] () -- C:\Windows\System32\d3dx9.dll [2010.07.22 11:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2009.08.03 00:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.24 05:49:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.07.24 05:20:06 | 000,307,200 | -H-- | C] () -- C:\Windows\SetDisplayResolution.exe [2009.07.24 05:19:37 | 000,000,135 | RH-- | C] () -- C:\Windows\System32\lngEng.ini [2009.07.24 05:19:37 | 000,000,117 | -H-- | C] () -- C:\Windows\System32\lngKor.ini [2009.07.24 05:17:29 | 000,004,280 | -H-- | C] () -- C:\Windows\HotFixList.ini [2009.07.24 05:17:08 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.24 03:52:31 | 000,632,252 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.24 03:52:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.24 03:52:31 | 000,127,464 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.24 03:52:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.24 03:35:48 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.07.24 03:35:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll [2009.07.24 03:35:40 | 000,147,172 | -H-- | C] () -- C:\Windows\System32\igfcg550.bin [2008.02.09 18:03:07 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | -H-- | C] () -- C:\Windows\imagine digital freedom.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,810,392 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,900 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.04.21 09:11:45 | 000,032,582 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.05 12:30:26 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe [2010.08.05 12:47:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe Mini Bridge CS5 [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.17 13:17:12 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ArcSoft [2010.07.22 12:56:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Avira [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2010.08.03 08:46:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DivX [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Identities [2010.07.22 12:32:40 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\InstallShield [2010.07.22 11:24:25 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Media Center Programs [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.08.31 21:52:09 | 000,000,000 | --SD | M] -- C:\Users\Meier\AppData\Roaming\Microsoft [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Mozilla [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.04 15:49:54 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Nero [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.11.28 12:28:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\vlc [2010.07.22 14:07:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\WinRAR [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom < %APPDATA%\*.exe /s > [2010.08.04 20:26:52 | 000,038,784 | -H-- | M] () -- C:\Users\Meier\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.11.27 14:57:02 | 000,029,926 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe [2010.08.31 21:52:09 | 000,010,134 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | -H-- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2009.02.11 10:26:18 | 000,407,576 | -H-- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | -H-- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | -H-- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 09:30:52 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14F3A794-E653-4742-87A0-E0D9B74A1150}" = lport=2300 | protocol=17 | dir=in | name=wolfteam port | "{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system | "{3CF4BAE3-B7A8-420C-9F33-1E3E5BE7E104}" = lport=13000 | protocol=17 | dir=in | name=hockeydash | "{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system | "{5E81563F-F878-45A1-ABC2-53A78BBF2EC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system | "{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system | "{80CAAB0C-C66C-4B58-BB5E-ADEAAB104BE3}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | "{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system | "{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system | "{BA9C339F-776C-48CA-8F3C-9CABA20A0AC5}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system | "{E15B5776-2905-4B62-806C-E92D836B8C14}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{E839F652-3F03-47EF-822A-87177B51B29E}" = lport=8500 | protocol=6 | dir=in | name=hockeydash | "{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system | "{F11A2D0C-81E9-4DF8-A381-3F1EAA9F44FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{031E18BE-36FA-46DA-955C-BEC759A44F1E}" = protocol=17 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | "{14482ABA-8BA3-45D7-AE86-B5AD8BBC91FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{145BCCAE-FF8C-4C68-8D62-3BFAD7B090AD}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | "{18918E82-3E45-42B0-B765-5BF014E12EAD}" = protocol=6 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | "{28DB716E-D044-41C8-BC84-D0746782E0EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{29DE2C06-67AF-4ECB-99CD-D144FDDE8A51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{3D17E532-8C8A-41E9-8AC5-091711619F9F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{41FB5A3B-B8DB-4F89-BE04-B0C50FD174FD}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | "{4E64293B-AD1C-47A1-83A9-99B3BB6DE2F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{4FEC96A0-E32B-4EB8-ADBD-886F5D907146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{509C77DC-CDA7-4143-8FE5-73C9AFF929E1}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | "{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5CAB55F0-198A-494F-A879-D1DAC471E84F}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{625A5FCC-ABAB-47C7-9EE1-1F3B9DCE7DF2}" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | "{63160B43-9B30-442C-921F-7A38C30F4E12}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{708A77A5-9AD9-4C9C-A64F-495E9E1A351B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | "{75EC1325-75C3-468B-AE34-AE7FC32CE0A3}" = protocol=17 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | "{7945870D-0B0A-44D5-89C7-2D466FC1206F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{79739634-264F-4246-85CB-8AF22DC10AEA}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | "{7A9A1701-68FA-481A-9269-AF3ABA85252E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{7E062F10-FDFB-4AE7-89EB-0B020A64E833}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | "{7F3B7155-E63D-4C45-8D83-967F583CF909}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | "{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{90E5B175-8DDE-4517-B3C6-46821AD32383}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{938A1A2D-A5D3-42E2-A824-3E69ACE5FD02}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{96B2DA6E-944D-4046-8459-13BE12E2C60A}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | "{9953B4B4-41BC-4A60-B4D0-51A475A464DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9CE18D3A-760D-4754-95DD-5F41135D0EE8}" = protocol=6 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | "{ABC33052-224A-49F2-B049-B86AA22C87B0}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{AC6DDA29-085F-4E2E-9C94-3A7A9B19D86E}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{B43C8941-CE32-4207-9358-27C1961DE26C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C629D4C0-D0E2-47D5-85A1-AB690BF75CD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C6306FD0-9544-4525-AD7D-A567006CB5DA}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{CEE6AA81-8DAE-4CB6-9155-A8EFF12F20E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D0A768C8-4813-4B16-95DE-E0B509741A6D}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | "{D18788D9-C34A-4C6D-9019-2FE674E1B734}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | "{D64072C8-B969-4D70-B509-80C5E36E3F5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{E04A4866-9913-4593-9AC2-39B34D64186D}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | "{E62D4474-897C-4754-86CF-ACF4C3EF0F58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E95772DD-A2D3-46D0-83F6-E146AA9101A8}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{E99363F6-9838-4A88-B24F-F17827D7BB6A}" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | "{EA7CD89E-9DF4-4587-945C-7214063469EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{ED0F6723-DF8E-4F8D-9ED9-199A13462D46}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | "{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F9711B46-B28B-433E-BBF6-AE0DDA226F1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "TCP Query User{0154C858-B048-4274-BB52-4E2BED70EA39}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe | "TCP Query User{0C912525-BBD0-4D72-84B3-4D8E2F9F7D05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2049B93A-BC75-44D8-A749-91B1F6FBB0FC}D:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | "TCP Query User{20DAB239-6877-4B28-9A7F-B6AC503BAB75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{2B9257CA-A7A7-442E-B137-FD0483EA2322}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | "TCP Query User{2F3C5C8D-EE19-4057-AEAE-FC3A71F28505}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{4C8B99BF-8106-42CE-881E-AAEEC388D511}D:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | "TCP Query User{6F1124EE-844F-41D6-B384-492B7539FE4E}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | "TCP Query User{765D6057-E03D-4F06-A3A8-D53435162FFB}D:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | "TCP Query User{DF306364-8A97-458B-ADA7-61BFE493432F}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | "TCP Query User{E3168FDA-A813-4D8B-820A-469E05E29203}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | "TCP Query User{ED95F4BC-19A0-43E2-9D47-D97AB9EDA5C0}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | "TCP Query User{F227E3F9-3DC5-406A-BD5F-47B7980A34DB}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{331ADF06-E73E-427E-92B5-C5BAE3FDB54B}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | "UDP Query User{4FD0CE6F-EF8C-46F0-9294-E1E0F27A3B2B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{59E10071-A191-496E-9474-C24026D83D7F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{695EE8C5-EB83-490E-869B-8251A447645C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe | "UDP Query User{6BD876F0-8478-4344-A385-087E35512EE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{7141627E-FB5D-46FB-B374-C031D4C8AC09}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | "UDP Query User{7316A955-D8A0-47E0-A9ED-BB2D909C1A95}D:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | "UDP Query User{7888E5C5-AE5F-4910-801C-C404E2E2777A}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{789E9993-519A-4E23-A517-42865290795A}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | "UDP Query User{9B3958B9-2089-4533-A191-6A0383A95B7A}D:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | "UDP Query User{9D723CFA-0C83-4FEA-B59D-D43712C1ADC0}D:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | "UDP Query User{BF690DF6-727A-4984-AB2D-20010F9B7D22}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{E95C6208-AE70-4F61-8F64-F9D9517BED7D}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16 "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14 "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAB2778A-31C8-43CC-98C9-FF9FE2842D55}" = Eternia LastChaos "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonSolutionMenu" = Canon Utilities Solution Menu "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "EAX Unified" = EAX Unified "FLAC" = FLAC 1.2.1b (remove only) "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324 "Free YouTube Download_is1" = Free YouTube Download 2.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IsoBuster_is1" = IsoBuster 2.8 "JDownloader" = JDownloader "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio "Left 4 Dead" = Left 4 Dead "Magic Bullet Looks Studio" = Magic Bullet Looks Studio "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Monopoly Deluxe" = Monopoly Deluxe "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "OpenAL" = OpenAL "Orbit_is1" = Orbit Downloader "PowerISO" = PowerISO "PROHYBRIDR" = 2007 Microsoft Office system "Red Giant ToonIt Studio" = Red Giant ToonIt Studio "Sandboxie" = Sandboxie 3.50 "Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio "Trapcode Particular Studio" = Trapcode Particular Studio "Trapcode Shine Studio" = Trapcode Shine Studio "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
21.04.2011, 10:20 | #2 | |||
/// Helfer-Team | kazy.mekml.1 seit gerade eben Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Fixen mit OTL
Code:
ATTFilter :OTL [2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960 [2011.04.21 08:54:43 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42589960r [2011.04.21 08:54:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42589960 [2011.04.21 08:41:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~46128904 [2011.04.21 08:41:46 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46128904r [2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk [2011.04.21 08:41:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46128904 [2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini :Commands [purity] [emptytemp]
► Kannst Du den Rechner im normalen Modus starten? 2. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
3. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 4. Erneut ein OTL-Log erstellen und posten:-> OTL-Anleitung Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußCoverflow
__________________ |
21.04.2011, 11:53 | #3 |
| kazy.mekml.1 seit gerade eben so habe mal die schritte befolgt
__________________1. die logfile nach dem OTL Fix Code:
ATTFilter All processes killed ========== OTL ========== C:\ProgramData\MRtPNAFMRSnT.exe moved successfully. C:\ProgramData\~42589960 moved successfully. C:\ProgramData\~42589960r moved successfully. C:\ProgramData\42589960 moved successfully. C:\ProgramData\~46128904 moved successfully. C:\ProgramData\~46128904r moved successfully. C:\Users\Meier\Desktop\Windows Recovery.lnk moved successfully. C:\ProgramData\46128904 moved successfully. C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Meier ->Temp folder emptied: 2039556687 bytes ->Temporary Internet Files folder emptied: 52310758 bytes ->Java cache emptied: 15277899 bytes ->FireFox cache emptied: 122729510 bytes ->Flash cache emptied: 192360 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3103210 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 44816246 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.173,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04212011_122647 Files\Folders moved on Reboot... Registry entries deleted on Reboot... 2. Malewarebytes LOG Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6412 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 21.04.2011 12:43:07 mbam-log-2011-04-21 (12-43-07).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 155575 Laufzeit: 5 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) 3. Ccleaner LOG Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 22.07.2010 491MB 12.0.6425.1000 Acoustica MP3 To Wave Converter PLUS Acoustica, Inc. 07.04.2011 5,09MB 2.5 Adobe AIR Adobe Systems Inc. 03.08.2010 30,7MB 1.5.3.9120 Adobe Community Help Adobe Systems Incorporated 03.08.2010 2,52MB 3.0.0.400 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 03.10.2010 10.1.85.3 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 02.10.2010 10.1.85.3 Adobe Media Player Adobe Systems Incorporated 03.08.2010 2,70MB 1.8 Adobe Photoshop CS5 Adobe Systems Incorporated 03.08.2010 1.559MB 12.0 Adobe Reader 9.4.0 - Deutsch Adobe Systems Incorporated 13.11.2010 164,1MB 9.4.0 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 07.10.2010 8,67MB 11.5.8.612 Adobe SVG Viewer 3.0 24.10.2010 4,78MB 3.0 ArcSoft PhotoStudio 5.5 ArcSoft 20.09.2010 25,2MB Atheros WLAN Client WLAN 23.07.2009 1,27MB 14.00.0000 Avira AntiVir Personal - Free Antivirus Avira GmbH 17.03.2011 105,6MB 10.0.0.635 BatteryLifeExtender Samsung 23.07.2009 4,71MB 1.0.0 Canon MP Navigator EX 2.0 20.09.2010 69,5MB Canon Utilities Solution Menu 20.09.2010 1,93MB CanoScan LiDE 200 Scanner Driver 20.09.2010 CCleaner Piriform 20.04.2011 3,60MB 3.05 Cheat Engine 5.6.1 Dark Byte 08.12.2010 15,6MB CyberLink YouCam CyberLink Corp. 10.09.2009 78,1MB 2.0.2706 DHTML Editing Component Microsoft Corporation 02.10.2010 0,45MB 6.02.0001 DivX-Setup DivX, Inc. 28.07.2010 2,12MB 1.0.2.23 Easy Battery Manager Samsung 23.07.2009 5,59MB 3.2.1.7 Easy Display Manager Samsung Electronics Co., Ltd. 23.07.2009 14,0MB 2.3 Easy Network Manager Samsung 23.07.2009 19,1MB 4.0.2 Easy SpeedUp Manager 23.07.2009 3,68MB 2.0.2.6 EAX Unified 02.08.2010 8,00KB Eternia LastChaos Eternia Games 04.01.2011 2.636MB 2.0.0 FLAC 1.2.1b (remove only) Xiph.org 18.02.2011 0,98MB 1.2.1b Fraps (remove only) 22.07.2010 1.890MB Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 01.04.2011 3,11MB Free Audio Converter version 2.2.16.324 DVDVideoSoft Limited. 07.04.2011 7,79MB Free YouTube Download 2.8 DVDVideoSoft Limited. 27.07.2010 3,24MB Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 01.04.2011 3,52MB HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON 24.10.2010 12,0MB ICQ7.2 ICQ 26.07.2010 46,9MB 7.2 imagine digital freedom - Samsung Samsung Electronics Co. Ltd., 23.07.2009 7,50MB 1.0.2.2 Inkjet Printer/Scanner Extended Survey Program 20.09.2010 0,95MB Intel(R) Graphics Media Accelerator Driver Intel Corporation 23.07.2009 Intel® Matrix Storage Manager Intel Corporation 23.07.2009 4,80MB IsoBuster 2.8 Smart Projects 28.07.2010 10,4MB 2.8 Java(TM) 6 Update 22 Sun Microsystems, Inc. 15.08.2010 293MB 6.0.220 JDownloader AppWork UG (haftungsbeschränkt) 30.07.2010 56,0MB 0.89 Knoll Light Factory EZ Studio 26.11.2010 Left 4 Dead Valve 30.07.2010 4,17MB Magic Bullet Looks Studio 26.11.2010 Malwarebytes' Anti-Malware Malwarebytes Corporation 20.04.2011 4,80MB Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 22.07.2010 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 21.07.2010 37,0MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.11.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.11.2010 24,5MB 4.0.30319 Microsoft Games for Windows - LIVE Microsoft Corporation 16.11.2010 6,01MB 3.4.54.0 Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 16.11.2010 31,3MB 3.4.18.0 Microsoft Office 2003 Web Components Microsoft Corporation 15.09.2010 21,7MB 11.0.8003.0 Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 14.04.2011 7,23MB 12.0.4518.1014 Microsoft Office Small Business Connectivity Components Microsoft Corporation 10.09.2009 0,15MB 2.0.7024.0 Microsoft Office Suite Activation Assistant Microsoft Corporation 10.09.2009 8,37MB 2.9 Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 03.08.2010 7,77MB 8.0.50727.42 Microsoft SQL Server Native Client Microsoft Corporation 10.09.2009 2,60MB 9.00.3042.00 Microsoft SQL Server VSS Writer Microsoft Corporation 10.09.2009 0,69MB 9.00.3042.00 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 26.07.2010 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 30.08.2010 0,41MB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 23.09.2010 1,41MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.07.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.07.2010 0,58MB 9.0.30729.4148 Microsoft WSE 3.0 Runtime Microsoft Corp. 30.08.2010 0,92MB 3.0.5305.0 Monopoly Deluxe Zylom Games 30.09.2010 20,3MB 1.0.0 Monopoly Tycoon 05.10.2010 3,21MB Mozilla Firefox (3.6.16) Mozilla 24.03.2011 32,7MB 3.6.16 (de) MSXML 4.0 SP2 (KB927978) Microsoft Corporation 04.08.2010 34,00KB 4.20.9841.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.08.2010 34,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.08.2010 1,34MB 4.20.9876.0 NCsoft Launcher NCsoft 21.07.2010 11,5MB 1.5.7000 Nero BackItUp 10 Nero AG 03.08.2010 107,6MB 5.4.11600.19.100 Nero Burning ROM 10 Nero AG 03.08.2010 162,3MB 10.0.11100.10.100 Nero BurnRights 10 Nero AG 03.08.2010 6,42MB 4.0.11000.12.100 Nero CoverDesigner 10 Nero AG 03.08.2010 77,1MB 5.0.10900.11.100 Nero DiscCopy Gadget 10 Nero AG 03.08.2010 35,4MB 3.0.10700.9.100 Nero DiscSpeed 10 Nero AG 03.08.2010 7,47MB 6.0.10800.7.100 Nero Express 10 Nero AG 03.08.2010 159,5MB 10.0.11000.10.100 Nero InfoTool 10 Nero AG 03.08.2010 8,07MB 7.0.10800.8.100 Nero MediaHub 10 Nero AG 03.08.2010 158,0MB 1.0.13400.11.100 Nero Multimedia Suite 10 Nero AG 03.08.2010 1.369MB 10.0.13100 Nero Recode 10 Nero AG 03.08.2010 80,0MB 4.6.10900.4.100 Nero RescueAgent 10 Nero AG 03.08.2010 6,83MB 3.0.10900.9.100 Nero SoundTrax 10 Nero AG 03.08.2010 95,6MB 4.6.10600.2.100 Nero StartSmart 10 Nero AG 03.08.2010 110,2MB 10.0.11200.12.100 Nero Update Nero AG 03.08.2010 1,42MB 1.0.0017 Nero Vision 10 Nero AG 03.08.2010 214MB 7.0.11100.8.100 Nero WaveEditor 10 Nero AG 03.08.2010 76,6MB 5.6.10600.2.100 NVIDIA PhysX NVIDIA Corporation 28.07.2010 120,1MB 9.09.0814 OpenAL 28.07.2010 0,77MB OpenOffice.org 3.2 OpenOffice.org 15.08.2010 370MB 3.2.9483 Orbit Downloader www.orbitdownloader.com 16.03.2011 13,0MB Pando Media Booster Pando Networks Inc. 07.09.2010 6,70MB 2.3.4.1 PCTroubleshooting Samsung Electronics Co.,LTD. 10.09.2009 1,93MB 2.0.0.4 Pinnacle Studio 14 Pinnacle Systems 26.11.2010 2.030MB 14.0.0.7255 Pinnacle Studio Ultimate Collection Plugins Pinnacle Systems 26.11.2010 167,8MB 14.0.0.7255 Pinnacle Video Treiber Pinnacle Systems 26.11.2010 4,96MB 12.1.0.030 PowerISO PowerISO Computing, Inc. 30.08.2010 3,93MB 4.7 Realtek 8136 8168 8169 Ethernet Driver Realtek 23.07.2009 2,07MB 1.00.0004 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.07.2009 10,5MB 6.0.1.5837 Red Giant ToonIt Studio 26.11.2010 Samsung Magic Doctor Samsung Electronics Co., LTD 23.07.2009 15,8MB 5.0 Samsung Recovery Solution III Samsung 23.07.2009 43,0MB 3.0.0.9 Samsung Update Plus Samsung Electronics Co., Ltd. 23.07.2009 7,85MB 2.0 Sandboxie 3.50 30.10.2010 2,84MB Steamless Left4Dead2 Pack Steamless 31.07.2010 7.271MB 1.0 Strassenbau Simulator 1.2.16 UIG GmbH 10.08.2010 502MB Synaptics Pointing Device Driver Synaptics 23.07.2009 14,0MB 11.1.3.2 System Requirements Lab 02.08.2010 1,59MB System Requirements Lab CYRI Husdawg, LLC 17.09.2010 0,50MB 4.3.1.0 Trapcode 3DStroke Studio 26.11.2010 Trapcode Particular Studio 26.11.2010 Trapcode Shine Studio 26.11.2010 Turbo Lister 2 eBay Inc. 02.10.2010 82,5MB 2.00.0000 Uninstall 1.0.0.1 07.04.2011 30,8MB Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 10.09.2009 25,1MB 9.00.3042.00 User Guide 23.07.2009 141,6MB 1.0 VirtualCloneDrive Elaborate Bytes 30.08.2010 2,31MB VLC media player 1.1.5 VideoLAN 22.11.2010 84,5MB 1.1.5 Windows Live Essentials Microsoft Corporation 21.07.2010 43,9MB 14.0.8117.0416 Windows Live ID Sign-in Assistant Microsoft Corporation 16.11.2010 4,69MB 6.500.3165.0 Windows Live-Uploadtool Microsoft Corporation 21.07.2010 0,22MB 14.0.8014.1029 WinRAR 21.07.2010 3,79MB OTL.txt Code:
ATTFilter OTL logfile created on: 21.04.2011 12:45:21 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,09 Gb Total Space | 12,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS Drive D: | 226,00 Gb Total Space | 136,17 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.21 09:22:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Mozilla Downloads\OTL.exe PRC - [2011.03.25 18:40:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.18 12:23:21 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.10 10:57:11 | 000,435,368 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe PRC - [2010.11.03 09:51:01 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 09:50:59 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.18 00:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- D:\Program Files\Sandboxie\SbieSvc.exe PRC - [2010.04.20 14:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009.05.28 08:06:56 | 000,548,864 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009.05.15 08:47:58 | 000,692,224 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.12.10 09:07:52 | 000,352,256 | -H-- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.08.26 02:59:54 | 000,045,056 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2008.01.22 19:35:52 | 000,103,808 | -H-- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe ========== Modules (SafeList) ========== MOD - [2011.04.21 09:22:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Mozilla Downloads\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (McAfee SiteAdvisor Service) SRV - [2011.03.18 12:23:21 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.03 09:51:01 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.18 00:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2010.06.07 12:22:00 | 003,549,224 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010.03.25 14:39:22 | 000,490,280 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.02.19 13:37:14 | 000,517,096 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2008.01.22 19:35:52 | 000,103,808 | -H-- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.03.18 12:23:21 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.23 10:09:58 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.18 00:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010.09.29 10:09:04 | 000,436,792 | -H-- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.04.12 10:44:34 | 000,059,388 | -H-- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009.05.11 10:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.04 16:35:00 | 000,163,328 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.04.22 11:27:12 | 001,129,472 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.01.21 04:23:20 | 002,225,664 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.14 02:11:54 | 000,013,312 | -H-- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.02 09:41:50 | 000,983,552 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.09.23 23:18:32 | 000,171,520 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.25 18:41:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.03.25 18:41:01 | 000,000,000 | ---D | M] [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions [2011.04.20 16:21:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions [2010.07.23 14:11:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.28 18:36:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.26 14:18:16 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\eafo3fflauncher@ea.com [2010.08.28 13:49:49 | 000,000,000 | -H-D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\speedtest@gotomyhelp.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (Stealthy) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com\chrome [2009.10.28 21:30:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.08.16 13:19:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.08.19 09:56:53 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.16 20:01:37 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.02.04 12:16:35 | 000,000,000 | ---D | M] (Hide My IP) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\STAFF@HIDE-MY-IP.COM O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MRtPNAFMRSnT] File not found O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell - "" = AutoRun O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell\AutoRun\command - "" = F:\Set-up.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MTInstall.exe O33 - MountPoints2\G\Shell\directx\command - "" = G:\Redist\directx8a\dxsetup.exe O33 - MountPoints2\G\Shell\Gamespy\command - "" = G:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe O33 - MountPoints2\G\Shell\setup\command - "" = G:\MTInstall.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 11:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.04.21 11:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.04.21 09:55:01 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Malwarebytes [2011.04.21 09:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.21 09:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.21 09:54:10 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe [2011.04.21 09:39:33 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Meier\Desktop\mbam-setup.exe [2011.04.21 08:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.15 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.15 16:14:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 16:14:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 16:14:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.15 16:14:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 16:14:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 16:14:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.15 16:14:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 16:14:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 16:14:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.15 16:14:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.15 16:14:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.15 16:14:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.15 16:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.15 16:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.15 16:14:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.15 16:14:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.15 16:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.15 16:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.15 16:14:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.15 16:13:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 16:13:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 16:13:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 16:13:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 16:13:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 16:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.08 12:19:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus [2011.04.08 12:13:16 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.03.27 08:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Local\Microsoft Games [2011.03.23 13:19:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 13:19:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 12:28:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 12:28:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 12:28:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 12:28:30 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 11:26:32 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.21 11:06:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.21 09:54:52 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.21 09:39:22 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Meier\Desktop\mbam-setup.exe [2011.04.21 09:22:30 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe [2011.04.21 06:52:17 | 000,632,252 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 06:52:17 | 000,598,900 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 06:52:17 | 000,127,464 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 06:52:17 | 000,104,914 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.04.15 18:32:00 | 003,810,392 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.08 12:19:07 | 000,000,777 | -H-- | M] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:17:05 | 000,001,032 | -H-- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.08 12:17:01 | 000,000,849 | -H-- | M] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 12:14:09 | 000,015,008 | -H-- | M] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | M] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.03.27 08:39:50 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 12:28:30 | 3150,565,376 | -HS- | C] () -- C:\hiberfil.sys [2011.04.21 11:26:32 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.21 09:54:52 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.08 12:19:07 | 000,000,777 | -H-- | C] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:13:19 | 000,000,849 | -H-- | C] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 11:13:59 | 000,015,008 | -H-- | C] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | C] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.02 13:17:36 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.11.07 20:54:46 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat [2010.10.31 15:25:58 | 000,001,666 | -H-- | C] () -- C:\Windows\Sandboxie.ini [2010.10.25 14:48:52 | 000,000,331 | -H-- | C] () -- C:\Windows\SIERRA.INI [2010.10.25 10:20:49 | 000,000,556 | -H-- | C] () -- C:\Windows\ODBC.INI [2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.09.24 21:47:43 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2010.08.25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.24 17:46:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.08.03 15:14:30 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\MafiaSetup.exe [2010.07.26 14:20:42 | 000,139,152 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys [2010.07.26 10:58:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.26 10:58:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.24 16:11:17 | 000,000,013 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\Update.cfg [2010.07.23 21:15:01 | 001,970,176 | -H-- | C] () -- C:\Windows\System32\d3dx9.dll [2010.07.22 11:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2009.08.03 00:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.24 05:49:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.07.24 05:20:06 | 000,307,200 | -H-- | C] () -- C:\Windows\SetDisplayResolution.exe [2009.07.24 05:19:37 | 000,000,135 | RH-- | C] () -- C:\Windows\System32\lngEng.ini [2009.07.24 05:19:37 | 000,000,117 | -H-- | C] () -- C:\Windows\System32\lngKor.ini [2009.07.24 05:17:29 | 000,004,280 | -H-- | C] () -- C:\Windows\HotFixList.ini [2009.07.24 05:17:08 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.24 03:52:31 | 000,632,252 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.24 03:52:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.24 03:52:31 | 000,127,464 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.24 03:52:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.24 03:35:48 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.07.24 03:35:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll [2009.07.24 03:35:40 | 000,147,172 | -H-- | C] () -- C:\Windows\System32\igfcg550.bin [2008.02.09 18:03:07 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | -H-- | C] () -- C:\Windows\imagine digital freedom.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,810,392 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,900 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.04.21 11:06:29 | 000,032,582 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 12:45:21 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,09 Gb Total Space | 12,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS Drive D: | 226,00 Gb Total Space | 136,17 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14F3A794-E653-4742-87A0-E0D9B74A1150}" = lport=2300 | protocol=17 | dir=in | name=wolfteam port | "{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system | "{3CF4BAE3-B7A8-420C-9F33-1E3E5BE7E104}" = lport=13000 | protocol=17 | dir=in | name=hockeydash | "{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system | "{5E81563F-F878-45A1-ABC2-53A78BBF2EC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system | "{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system | "{80CAAB0C-C66C-4B58-BB5E-ADEAAB104BE3}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | "{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system | "{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system | "{BA9C339F-776C-48CA-8F3C-9CABA20A0AC5}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system | "{E15B5776-2905-4B62-806C-E92D836B8C14}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{E839F652-3F03-47EF-822A-87177B51B29E}" = lport=8500 | protocol=6 | dir=in | name=hockeydash | "{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system | "{F11A2D0C-81E9-4DF8-A381-3F1EAA9F44FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{031E18BE-36FA-46DA-955C-BEC759A44F1E}" = protocol=17 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | "{14482ABA-8BA3-45D7-AE86-B5AD8BBC91FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{145BCCAE-FF8C-4C68-8D62-3BFAD7B090AD}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | "{18918E82-3E45-42B0-B765-5BF014E12EAD}" = protocol=6 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | "{28DB716E-D044-41C8-BC84-D0746782E0EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{29DE2C06-67AF-4ECB-99CD-D144FDDE8A51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{3D17E532-8C8A-41E9-8AC5-091711619F9F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{41FB5A3B-B8DB-4F89-BE04-B0C50FD174FD}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | "{4E64293B-AD1C-47A1-83A9-99B3BB6DE2F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{4FEC96A0-E32B-4EB8-ADBD-886F5D907146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{509C77DC-CDA7-4143-8FE5-73C9AFF929E1}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | "{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5CAB55F0-198A-494F-A879-D1DAC471E84F}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{625A5FCC-ABAB-47C7-9EE1-1F3B9DCE7DF2}" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | "{63160B43-9B30-442C-921F-7A38C30F4E12}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{708A77A5-9AD9-4C9C-A64F-495E9E1A351B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | "{75EC1325-75C3-468B-AE34-AE7FC32CE0A3}" = protocol=17 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | "{7945870D-0B0A-44D5-89C7-2D466FC1206F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{79739634-264F-4246-85CB-8AF22DC10AEA}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | "{7A9A1701-68FA-481A-9269-AF3ABA85252E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{7E062F10-FDFB-4AE7-89EB-0B020A64E833}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | "{7F3B7155-E63D-4C45-8D83-967F583CF909}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | "{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{90E5B175-8DDE-4517-B3C6-46821AD32383}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{938A1A2D-A5D3-42E2-A824-3E69ACE5FD02}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{96B2DA6E-944D-4046-8459-13BE12E2C60A}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | "{9953B4B4-41BC-4A60-B4D0-51A475A464DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9CE18D3A-760D-4754-95DD-5F41135D0EE8}" = protocol=6 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | "{ABC33052-224A-49F2-B049-B86AA22C87B0}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{AC6DDA29-085F-4E2E-9C94-3A7A9B19D86E}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{B43C8941-CE32-4207-9358-27C1961DE26C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C629D4C0-D0E2-47D5-85A1-AB690BF75CD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C6306FD0-9544-4525-AD7D-A567006CB5DA}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{CEE6AA81-8DAE-4CB6-9155-A8EFF12F20E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D0A768C8-4813-4B16-95DE-E0B509741A6D}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | "{D18788D9-C34A-4C6D-9019-2FE674E1B734}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | "{D64072C8-B969-4D70-B509-80C5E36E3F5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{E04A4866-9913-4593-9AC2-39B34D64186D}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | "{E62D4474-897C-4754-86CF-ACF4C3EF0F58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E95772DD-A2D3-46D0-83F6-E146AA9101A8}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | "{E99363F6-9838-4A88-B24F-F17827D7BB6A}" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | "{EA7CD89E-9DF4-4587-945C-7214063469EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{ED0F6723-DF8E-4F8D-9ED9-199A13462D46}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | "{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F9711B46-B28B-433E-BBF6-AE0DDA226F1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "TCP Query User{0154C858-B048-4274-BB52-4E2BED70EA39}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe | "TCP Query User{0C912525-BBD0-4D72-84B3-4D8E2F9F7D05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2049B93A-BC75-44D8-A749-91B1F6FBB0FC}D:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | "TCP Query User{20DAB239-6877-4B28-9A7F-B6AC503BAB75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{2B9257CA-A7A7-442E-B137-FD0483EA2322}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | "TCP Query User{2F3C5C8D-EE19-4057-AEAE-FC3A71F28505}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{4C8B99BF-8106-42CE-881E-AAEEC388D511}D:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | "TCP Query User{6F1124EE-844F-41D6-B384-492B7539FE4E}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | "TCP Query User{765D6057-E03D-4F06-A3A8-D53435162FFB}D:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | "TCP Query User{DF306364-8A97-458B-ADA7-61BFE493432F}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | "TCP Query User{E3168FDA-A813-4D8B-820A-469E05E29203}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | "TCP Query User{ED95F4BC-19A0-43E2-9D47-D97AB9EDA5C0}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | "TCP Query User{F227E3F9-3DC5-406A-BD5F-47B7980A34DB}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{331ADF06-E73E-427E-92B5-C5BAE3FDB54B}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | "UDP Query User{4FD0CE6F-EF8C-46F0-9294-E1E0F27A3B2B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{59E10071-A191-496E-9474-C24026D83D7F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{695EE8C5-EB83-490E-869B-8251A447645C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe | "UDP Query User{6BD876F0-8478-4344-A385-087E35512EE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{7141627E-FB5D-46FB-B374-C031D4C8AC09}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | "UDP Query User{7316A955-D8A0-47E0-A9ED-BB2D909C1A95}D:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | "UDP Query User{7888E5C5-AE5F-4910-801C-C404E2E2777A}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{789E9993-519A-4E23-A517-42865290795A}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | "UDP Query User{9B3958B9-2089-4533-A191-6A0383A95B7A}D:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | "UDP Query User{9D723CFA-0C83-4FEA-B59D-D43712C1ADC0}D:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | "UDP Query User{BF690DF6-727A-4984-AB2D-20010F9B7D22}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{E95C6208-AE70-4F61-8F64-F9D9517BED7D}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16 "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14 "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAB2778A-31C8-43CC-98C9-FF9FE2842D55}" = Eternia LastChaos "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "EAX Unified" = EAX Unified "FLAC" = FLAC 1.2.1b (remove only) "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324 "Free YouTube Download_is1" = Free YouTube Download 2.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IsoBuster_is1" = IsoBuster 2.8 "JDownloader" = JDownloader "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio "Left 4 Dead" = Left 4 Dead "Magic Bullet Looks Studio" = Magic Bullet Looks Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Monopoly Deluxe" = Monopoly Deluxe "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "OpenAL" = OpenAL "Orbit_is1" = Orbit Downloader "PowerISO" = PowerISO "PROHYBRIDR" = 2007 Microsoft Office system "Red Giant ToonIt Studio" = Red Giant ToonIt Studio "Sandboxie" = Sandboxie 3.50 "Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio "Trapcode Particular Studio" = Trapcode Particular Studio "Trapcode Shine Studio" = Trapcode Shine Studio "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
21.04.2011, 14:15 | #4 |
/// Helfer-Team | kazy.mekml.1 seit gerade eben 1. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 2. Adobe Reader aktualisieren : - Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 3.
4. - "Link:-> ESET Online Scanner >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum -> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch - folgendes bitte anhaken > "Remove found threads" und "Scan archives" - die Scanergebnis als *.txt Dateien speichern) - meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt" Vor dem Scan Einstellungen im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben - um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen ► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
21.04.2011, 19:51 | #5 |
| kazy.mekml.1 seit gerade eben 1. ok habs gelöscht und via offline setup neu aufgesetzt 2. update gemacht 3. SUPERAntiSpyware Log Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 04/21/2011 at 06:20 PM Application Version : 4.50.1002 Core Rules Database Version : 6885 Trace Rules Database Version: 4697 Scan type : Complete Scan Total Scan Time : 01:03:03 Memory items scanned : 653 Memory threats detected : 0 Registry items scanned : 8854 Registry threats detected : 0 File items scanned : 41246 File threats detected : 16 Adware.Tracking Cookie C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@p380t1s3658947.kronos.bravenetmedia[1].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@atdmt[2].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@e-2dj6wfk4gnd5oho.stats.esomniture[1].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[3].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[7].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[4].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[1].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[5].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[2].txt C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[6].txt Trojan.Agent/Gen-HackPatch C:\PROGRAM FILES\ETERNIAGAMES\ETERNIA LASTCHAOS EP2\BIN\LASTCHAOSPATCH.EXE C:\PROGRAM FILES\ETERNIAGAMES\ETERNIA LASTCHAOS EP2\BIN - KOPIE\LASTCHAOSPATCH.EXE D:\AERIAGAMES\LASTCHAOSUSA\BIN\LAST.CHAOS-PATCH.EXE D:\MOZILLA DOWNLOADS\LASTCHAOSPATCH\LASTCHAOSPATCH.EXE D:\PROGRAM FILES\ETERNIA GAMES\ETERNIA LASTCHAOS\BIN\LASTCHAOSPATCH.EXE D:\PROGRAM FILES\ETERNIA GAMES\ETERNIA LASTCHAOS\BIN - KOPIE\LASTCHAOSPATCH.EXE ESET Log Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=db34a3d4cde7e944b8cc1c4ac608f765 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-04-21 05:46:27 # local_time=2011-04-21 07:46:27 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775165 100 94 340381 39938313 118926 0 # compatibility_mode=5892 16776573 100 100 198399 140934185 0 0 # compatibility_mode=8192 67108863 100 0 2156 2156 0 0 # scanned=367311 # found=0 # cleaned=0 # scan_time=6530 Der momentane zustand ist nicht wirklich besser immernoch keine desktopsymbole keiner schnellstartsymbole unter start ist auch nichts festplatte C wird auch nicht angezeigt es sei den man stellt es in den ordner optionen um (versteckte datein anzeigen) dann sind die ordner etc. leicht transparent zu sehen lediglich die medlungen mit defekter festplatte tauchen im mom nicht auf |
21.04.2011, 21:05 | #6 |
/// Helfer-Team | kazy.mekml.1 seit gerade eben
► wie verhält sich den dein System? berichte erneut
__________________ --> kazy.mekml.1 seit gerade eben |
22.04.2011, 06:23 | #7 |
| kazy.mekml.1 seit gerade eben Hallo, nach dem ausführen von Unhide sind nun wieder alle symbole unter Start sowie auf dem Desktop zu sehen Laptop läuft im mom stabil nur ein wenig träge wie ich finde ist der trojaner denn nun vom system entfernt ? |
22.04.2011, 07:26 | #8 | ||
/// Helfer-Team | kazy.mekml.1 seit gerade eben 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst 2. Zitat:
♦ Also öffne das Startmenü und gibst ein: %TEMP% ♦ Alle Dateien die du dort siehst, kannst du in der Regel bedenkenlos löschen. In Zukunft kannst Du die ganze Prozedur schneller erledigen: CCleaner als Admin starten => gehe auf den Button links oben "Cleaner", setze Häkchen unter Reiter "Windows" (alle außer "Eingabefeld Verlauf" und bei "Erweitert" nur ein Häkchen bei "Alte Prefetchdaten" und "Benutzerdefinierte Dateien und Ordner"). Einstellungen => Benutzerdefiniert => Zu bereinigende Dateien und Ordner => Ordner hinzufügen => Anstelle von <DeinBenutzername> trägst Du den Namen ein, mit dem Du bei Vista eingeloggt bist. C:\Users\<DeinBenutzername>\AppData\Local\Temp\*.* C:\Users\Default\AppData\Local\Temp\*.* C:\Windows\Temp\*.* 3. Öffne CCleaner
4. Ändere deine Passworte und Zugangsdaten! - von einem sauberen System aus - Alle Passwörter, die auf dem kompromittierten System verwendet wurden (also z.B. Login-, Mail- oder Website-Passwörter, aber auch die PIN für das Online-Banking) sofort ändern (► am besten von einem anderen, nicht-infizierten Rechner aus! ) Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 5. Folgendes: XP, Vista und Windows 7 legen beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz, Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird Ausserdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen müssen jetzt entfernt werden! Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (22.04.2011 um 07:39 Uhr) |
22.04.2011, 08:02 | #9 |
| kazy.mekml.1 seit gerade eben ok das habe ich gemacht würde jetzt nicht sagen das es merklich besser ist aber das wird sich denke ich noch zeigen nur bekomme ich vom internet explorer immer eine meldung das ein script nicht mehr ausgeführt werden kann und im Mozilla den ich eig. nur verwende ist alles fett geschrieben und in foren erkennt man kein unterschied zwischen gelesenen und ungelesenen themen und gibt es programme die ich mir installieren sollte um mich ein wenig besser schützen zu können? |
22.04.2011, 09:04 | #10 |
/// Helfer-Team | kazy.mekml.1 seit gerade eben Ich empfehle dir noch dein System auf Rootkits untersuchen: 1. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 2. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
22.04.2011, 11:31 | #11 |
| kazy.mekml.1 seit gerade eben 1. GMER Log Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net Rootkit scan 2011-04-22 12:29:25 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 Running: mwlmh7ng.exe; Driver: C:\Users\Meier\AppData\Local\Temp\pxrdypoc.sys ---- System - GMER 1.0.15 ---- SSDT \??\D:\Program Files\SupeAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F2E5620] INT 0x62 ? 86C2ECC8 INT 0x72 ? 86C2ECC8 INT 0x92 ? 86C2ECC8 INT 0xA2 ? 86C2ECC8 INT 0xB2 ? 84A04CC8 INT 0xB2 ? 86C2ECC8 INT 0xB2 ? 86C2ECC8 INT 0xB2 ? 86C2ECC8 INT 0xB2 ? 84A04CC8 Code AADA8BFC ZwTraceEvent Code AADA8BFB NtTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!NtTraceEvent 82081F64 5 Bytes JMP AADA8C00 .text ntoskrnl.exe!KeInsertQueue + 811 820B3E08 4 Bytes [20, 56, 2E, 8F] PAGE ntoskrnl.exe!NtRequestPort + 2 82208B0B 5 Bytes JMP AADA8CA0 PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2 82260E94 5 Bytes JMP AADA8DE0 PAGE ntoskrnl.exe!NtRequestWaitReplyPort + 2 82263EE9 5 Bytes JMP AADA8D40 ? System32\drivers\uukqw.sys Das System kann den angegebenen Pfad nicht finden. ! .text sptd.sys 8A24D000 32 Bytes [06, 01, 02, 82, 60, 6F, 01, ...] .text sptd.sys 8A24D024 4 Bytes [D2, C3, 37, 8A] .text sptd.sys 8A24D02C 48 Bytes [B2, 82, 24, 82, AE, CB, 1E, ...] .text sptd.sys 8A24D05D 359 Bytes [B9, 08, 82, B4, DE, 06, 82, ...] .text sptd.sys 8A24D1C5 15 Bytes [FD, 0A, 82, 58, 1D, 0C, 82, ...] .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8A344D38] ? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. .text USBPORT.SYS!DllUnload 9021041B 5 Bytes JMP 86C2E1D8 .text win32k.sys!EngTransparentBlt + 8C05 99102409 5 Bytes JMP AADA8980 .text win32k.sys!XFORMOBJ_iGetXform + 455E 9910FEF1 5 Bytes JMP AADA85C0 .text win32k.sys!XFORMOBJ_iGetXform + 70D9 99112A6C 5 Bytes JMP AADA8700 .text win32k.sys!EngGradientFill + 60DE 99153371 5 Bytes JMP AADA88E0 .text win32k.sys!EngMulDiv + 4D3C 99159CAB 5 Bytes JMP AADA8660 .text win32k.sys!EngMulDiv + 8C27 9915DB96 5 Bytes JMP AADA8520 .text win32k.sys!EngStrokePath + 5FF 99166FFC 5 Bytes JMP AADA8A20 .text win32k.sys!EngAlphaBlend + 8893 9917E2C0 5 Bytes JMP AADA83E0 .text win32k.sys!EngAlphaBlend + 9B1D 9917F54A 5 Bytes JMP AADA8480 .text win32k.sys!STROBJ_vEnumStart + 4728 99196B49 5 Bytes JMP AADA8AC0 .text win32k.sys!CLIPOBJ_bEnum + 24A 991BA904 5 Bytes JMP AADA8840 .text win32k.sys!EngLineTo + A0F 991DD707 5 Bytes JMP AADA87A0 .text win32k.sys!EngLineTo + DCED 991EA9E5 5 Bytes JMP AADA8B60 ---- User code sections - GMER 1.0.15 ---- .text D:\Program Files\Mozilla Firefox\firefox.exe[1660] ntdll.dll!LdrLoadDll 774B93A8 5 Bytes JMP 001C13F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!closesocket 7717330C 5 Bytes JMP 008B000A .text D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!connect 771740D9 5 Bytes JMP 008A000A .text D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!getaddrinfo 7717418A 5 Bytes JMP 008E000A .text D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!send 7717659B 5 Bytes JMP 008C000A .text D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!gethostbyname 771862D4 5 Bytes JMP 008D000A .text C:\Windows\Explorer.EXE[2096] WININET.dll!HttpAddRequestHeadersA 76FCCF4E 5 Bytes JMP 008918D5 .text C:\Windows\Explorer.EXE[2096] WININET.dll!HttpAddRequestHeadersW 76FCFE49 5 Bytes JMP 00891A9D .text D:\Program Files\Mozilla Firefox\plugin-container.exe[2692] USER32.dll!TrackPopupMenu 75C514F3 5 Bytes JMP 68542024 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 849FE308 IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A24EFE0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8A24E574] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A24E0C0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A24F1BC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8A24E2A4] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A24E362] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 849FF308 IAT \SystemRoot\system32\drivers\PCIIDEX.SYS[ntoskrnl.exe!DbgBreakPoint] 84A07308 IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86C2E308 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8A263312] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 86DC4308 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84A081F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-0 86D301F8 Device \Driver\usbuhci \Device\USBPDO-1 86D301F8 Device \Driver\PCI_PNP2641 \Device\00000052 sptd.sys Device \Driver\usbuhci \Device\USBPDO-2 86D301F8 Device \Driver\usbehci \Device\USBPDO-3 86D311F8 Device \Driver\usbuhci \Device\USBPDO-4 86D301F8 Device \Driver\usbuhci \Device\USBPDO-5 86D301F8 Device \Driver\usbuhci \Device\USBPDO-6 86D301F8 Device \Driver\usbehci \Device\USBPDO-7 86D311F8 Device \Driver\cdrom \Device\CdRom0 86D171F8 Device \Driver\iaStor \Device\Ide\iaStor0 [8A4FB0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A4FB0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A4FB0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\netbt \Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7} 87B441F8 Device \Driver\cdrom \Device\CdRom1 86D171F8 Device \Driver\netbt \Device\NetBt_Wins_Export 87B441F8 Device \Driver\Smb \Device\NetbiosSmb 876501F8 Device \Driver\iScsiPrt \Device\RaidPort0 86E071F8 Device \Driver\usbuhci \Device\USBFDO-0 86D301F8 Device \Driver\usbuhci \Device\USBFDO-1 86D301F8 Device \Driver\usbuhci \Device\USBFDO-2 86D301F8 Device \Driver\netbt \Device\NetBT_Tcpip_{F7126855-9BB3-4492-9373-105E0C664B65} 87B441F8 Device \Driver\usbehci \Device\USBFDO-3 86D311F8 Device \Driver\usbuhci \Device\USBFDO-4 86D301F8 Device \Driver\usbuhci \Device\USBFDO-5 86D301F8 Device \Driver\usbuhci \Device\USBFDO-6 86D301F8 Device \Driver\usbehci \Device\USBFDO-7 86D311F8 Device \Driver\VClone \Device\Scsi\VClone1 86DBF1F8 Device \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0 86DBF1F8 Device \Driver\arnwall8 \Device\Scsi\arnwall81 86DEB430 Device \FileSystem\cdfs \Cdfs 86CB11F8 ---- Threads - GMER 1.0.15 ---- Thread System [4:324] 86AF2E7A Thread System [4:328] 86AF5008 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583c2cefa Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x44 0xC1 0xB5 0x1B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583c2cefa (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x44 0xC1 0xB5 0x1B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ... ---- Files - GMER 1.0.15 ---- File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WCRVI2\down[1] 3414 bytes File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WCRVI2\errorPageStrings[1] 2148 bytes File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WLSII13\dnserrordiagoff_webOC[1] 6914 bytes File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WLSII13\background_gradient[1] 453 bytes File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C99BA5N\httpErrorPagesScripts[2] 8601 bytes File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C99BA5N\info_48[1] 6993 bytes File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1HWIOU6\ErrorPageTemplate[1] 2168 bytes File C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1HWIOU6\bullet[1] 3169 bytes ---- EOF - GMER 1.0.15 ---- 2. MBR Log Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.0.6002 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AEE1ED]<< 1 nt!IofCallDriver[0x8208C11B] -> \Device\Harddisk0\DR0[0x85F33270] 3 CLASSPNP[0x8AAAA8B3] -> nt!IofCallDriver[0x8208C11B] -> \Device\Ide\IAAStorageDevice-1[0x853BC028] kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi -> 0x84a051f8 \Driver\iaStor -> 0x86aee1ed user & kernel MBR OK Warning: possible MBR rootkit infection ! |
22.04.2011, 22:44 | #12 |
/// Helfer-Team | kazy.mekml.1 seit gerade eben TDSSKiller von Kaspersky
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
23.04.2011, 08:10 | #13 |
| kazy.mekml.1 seit gerade eben Das Programm TDSSKiller will bei mir nicht starten habe es direkt auf dem desktop entpackt es ist nicht in einem Ordner sonder direkt auf dem Desktop wenn ich doppelklick mache erscheint für den bruchteil einer sekunde das lade symbol am mauszieger aber es passiert nichts das selbe wenn ich als Administrator ausführen wähle es startet nicht |
23.04.2011, 21:22 | #14 |
/// Helfer-Team | kazy.mekml.1 seit gerade eben Rechtsklick auf das Tool TDSSKiller -> als Administrator ausführen
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
24.04.2011, 06:14 | #15 |
| kazy.mekml.1 seit gerade eben ich schrieb ja schon das das auch leider nicht hilft kann ich mein Mozilla und mein IE auch noch irgendwie prüfen weil irgendwie scheint da auch was zu sein wenn ich links anklicke werde ich manchmal zu ganz anderen seiten geleitet und vom IE kommt immer ein Scriptfehler |
Themen zu kazy.mekml.1 seit gerade eben |
4d36e972-e325-11ce-bfc1-08002be10318, ad-aware, akamai, autorun, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, canon, converter, desktop, diagnostics, disabletaskmgr, document, downloader, excel, fehler, festplatte, festplattenfehler, firefox, home, iastor.sys, iexplore.exe, jdownloader, kazy.mekml.1, kritischer festplattenfehler, location, microsoft office 2003, microsoft office word, mozilla, mp3, nvstor.sys, office 2007, oldtimer, otl.exe, pando media booster, plug-in, poweriso, realtek, registry, saver, scan, sched.exe, security update, siteadvisor, software, speedtest, sptd.sys, start menu, svchost.exe, trojaner, usb, vista, wrapper |