Pests of all kinds and how to fight them: TR/Kazy has struck

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
TR/Kazy has struck

Hi folks! It happened to me too. :/ My pictures, videos etc. are no longer visible. I keep getting error messages saying that my hard drive is damaged. Malwarebytes is still working its way through my files. As soon as it is finished, I will post the result here.

I have already run OTL with the following settings: minimal output, and Extra Registry: Use SafeList.

TDSS Killer found nothing.

Here are the two text files:

Code:
OTL logfile created on: 29.04.2011 06:17:07 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Lone\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,06 Gb Total Space | 213,29 Gb Free Space | 46,67% Space Free | Partition Type: NTFS
Drive D: | 4,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 465,76 Gb Total Space | 95,74 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive I: | 1,86 Gb Total Space | 1,78 Gb Free Space | 95,97% Space Free | Partition Type: FAT32

Computer Name: BERND-PC | User Name: Lone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lone\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\BikMInqAaqKWg.exe (WinTrust)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Users\Lone\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) PRC - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe (Trend Micro Inc.) PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Lone\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.) SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.) SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.) 
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA) ========== Driver Services (SafeList) ========== DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.) DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) 
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.) DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.) DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (S332x64) -- C:\Windows\SysNative\drivers\S332x64.sys (SCM Microsystems Inc.) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.) DRV - (NVR0FLASHDev) -- C:\Windows\nvflsh64.sys (NVidia Corp.) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 88 33 49 5F FB CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: toolbar@ask.com: FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}: FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}: FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=STC&o=16078&locale=de_DE&apn_uid=4709A144-185C-455F-8FF8-64C95DF49D9B&apn_ptnrs=I7&apn_sauid=976B2055-6BBB-449E-B5E1-C2242EDFD5EF&apn_dtid=YYYYYYYYDE&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2011.04.10 14:46:49 | 000,000,000 | ---D | M] [2011.03.24 20:24:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lone\AppData\Roaming\mozilla\Extensions [2011.03.24 20:24:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lone\AppData\Roaming\mozilla\Firefox\Profiles\lhi8wwe1.default\extensions [2011.03.24 20:24:24 | 000,000,000 | -H-D | M] (Softonic Toolbar) -- 
C:\Users\Lone\AppData\Roaming\mozilla\Firefox\Profiles\lhi8wwe1.default\extensions\toolbar@ask.com [2011.03.19 03:37:26 | 000,002,395 | -H-- | M] () -- C:\Users\Lone\AppData\Roaming\Mozilla\Firefox\Profiles\lhi8wwe1.default\searchplugins\askcom.xml File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA File not found (No name found) -- C:\USERS\BERND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHI8WWE1.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM O1 HOSTS File: ([2011.03.31 03:00:37 | 000,432,122 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: activate.adobe.com O1 - Hosts: activate.adobe.com O1 - Hosts: practivate.adobe.com O1 - Hosts: ereg.adobe.com O1 - Hosts: activate.wip3.adobe.com O1 - Hosts: wip3.adobe.com O1 - Hosts: 3dns-3.adobe.com O1 - Hosts: 3dns-2.adobe.com O1 - Hosts: adobe-dns.adobe.com O1 - Hosts: adobe-dns-2.adobe.com O1 - Hosts: adobe-dns-3.adobe.com O1 - Hosts: ereg.wip3.adobe.com O1 - Hosts: activate-sea.adobe.com O1 - Hosts: wwis-dubc1-vip60.adobe.com O1 - Hosts: activate-sjc0.adobe.com O1 - Hosts: wwis-dubc1-vip60.adobe.com O1 - Hosts: www.007guard.com O1 - Hosts: 007guard.com O1 - Hosts: 008i.com O1 - Hosts: www.008k.com O1 - Hosts: 008k.com O1 - Hosts: www.00hq.com O1 - Hosts: 00hq.com O1 - Hosts: 010402.com O1 - Hosts: www.032439.com O1 - Hosts: 14870 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKCU..\Run: [BikMInqAaqKWg] C:\ProgramData\BikMInqAaqKWg.exe (WinTrust) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe (Electronic Arts) O4 - HKCU..\Run: [Memory Cleaner] C:\Users\Lone\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com) O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.14 11:29:38 | 000,000,122 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2009.08.07 15:19:44 | 000,003,650 | R--- | M] () - D:\AUTOUNATTEND.XML -- [ CDFS ] O33 - MountPoints2\{9337d420-5638-11e0-8a18-a4badb027364}\Shell - "" = AutoRun O33 - MountPoints2\{9337d420-5638-11e0-8a18-a4badb027364}\Shell\AutoRun\command - "" = H:\KASPERSKYPURE.EXE O33 - MountPoints2\{962b86d3-5620-11e0-be5d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{962b86d3-5620-11e0-be5d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2009.07.14 11:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.29 06:15:56 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Lone\Desktop\OTL.exe [2011.04.29 05:24:59 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Lone\Desktop\mbam-setup.exe [2011.04.29 05:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.04.29 05:02:44 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.29 04:52:50 | 000,532,480 | -H-- | C] (WinTrust) -- C:\ProgramData\BikMInqAaqKWg.exe [2011.04.28 16:49:30 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys [2011.04.28 16:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2011.04.28 16:49:29 | 000,000,000 | ---D | C] -- 
C:\Programme\CPUID [2011.04.28 16:46:44 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Roaming\NVIDIA [2011.04.28 04:34:20 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Roaming\Sony [2011.04.28 04:34:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sony [2011.04.28 04:31:32 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Local\Sony [2011.04.28 04:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2011.04.28 04:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared [2011.04.28 04:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2011.04.27 18:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.04.27 18:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.04.27 18:53:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple Computer [2011.04.27 18:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.04.27 18:51:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple [2011.04.27 18:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.04.27 06:24:55 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.04.27 06:24:54 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2011.04.27 06:24:54 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.04.27 06:24:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.04.27 06:24:43 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2011.04.27 06:24:42 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2011.04.27 06:24:42 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2011.04.27 06:24:42 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- 
C:\Windows\SysNative\drivers\amdsata.sys [2011.04.27 06:24:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2011.04.27 06:24:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2011.04.27 06:24:42 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2011.04.27 06:24:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2011.04.27 06:24:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2011.04.27 00:04:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun [2011.04.27 00:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.04.27 00:04:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.04.27 00:04:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.04.27 00:04:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.04.27 00:04:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2011.04.27 00:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.04.20 18:32:45 | 000,000,000 | -H-D | C] -- C:\Users\Lone\Desktop\support [2011.04.16 16:15:00 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Local\Chromium [2011.04.14 22:22:30 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Roaming\The Creative Assembly [2011.04.14 21:41:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total War Shogun 2 [2011.04.13 13:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2011.04.13 13:02:01 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Tunngle [2011.04.13 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle [2011.04.12 23:03:50 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.04.12 23:03:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.04.12 23:03:48 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.04.12 23:03:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.12 23:03:48 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.04.12 23:03:46 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2011.04.12 23:03:46 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011.04.12 23:03:46 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.12 23:03:46 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.12 23:03:44 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.04.12 23:03:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.12 23:03:44 | 000,046,080 | ---- | C] (Adobe Systems) 
-- C:\Windows\SysNative\atmlib.dll [2011.04.12 23:03:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.12 23:03:36 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.04.12 23:03:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.12 23:03:36 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.04.12 23:03:36 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.12 23:03:36 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.04.12 23:03:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.04.12 23:03:36 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.12 23:03:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.12 23:03:36 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.04.12 23:03:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.12 23:03:36 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.04.12 23:03:36 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.12 23:03:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.12 23:03:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.04.12 23:03:01 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.04.12 23:03:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.12 23:03:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.12 23:02:59 | 000,640,896 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.04.12 23:02:59 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.04.12 23:02:59 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.04.12 23:02:59 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.04.12 23:02:59 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.04.12 23:02:59 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.04.12 23:02:59 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.04.12 23:02:58 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.04.11 18:49:18 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Local\Diagnostics [2011.04.11 18:31:25 | 000,000,000 | -H-D | C] -- C:\Users\Lone\Documents\Tunngle [2011.04.10 15:01:21 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Local\Trend Micro [2011.04.10 14:41:31 | 001,988,176 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\vsapint.sys [2011.04.10 14:41:31 | 000,309,840 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmxpflt.sys [2011.04.10 14:41:31 | 000,042,576 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmpreflt.sys [2011.04.10 14:29:09 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Trend Micro [2011.04.10 14:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security Pro [2011.04.10 14:28:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Trend Micro [2011.04.10 14:27:41 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2011.04.09 20:56:01 | 000,339,984 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmwfp.sys [2011.04.09 20:56:01 | 000,200,720 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\SysNative\drivers\tmlwf.sys
[2011.04.09 20:56:01 | 000,107,536 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011.04.09 20:50:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Interactive
[2011.04.09 20:50:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2011.04.03 15:08:36 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Roaming\wtablet
[2011.04.03 14:39:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett
[2011.04.02 17:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2011.04.02 17:36:36 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft LifeCam
[2011.04.02 17:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2011.04.02 00:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.02 00:25:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.01 16:07:37 | 002,089,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplUI.exe
[2011.04.01 16:07:37 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFC71.dll
[2011.04.01 16:07:37 | 001,071,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplUIR.dll
[2011.04.01 16:07:37 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp71.dll
[2011.04.01 16:07:37 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr71.dll
[2011.04.01 16:07:37 | 000,410,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.cpl
[2011.04.01 16:07:37 | 000,388,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvexpBar.dll
[2011.04.01 16:07:30 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Local\NVIDIA Corporation
[2011.04.01 15:40:58 | 020,284,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.04.01 15:40:58 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.04.01 15:40:58 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.04.01 15:40:58 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.04.01 15:40:57 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.04.01 15:40:57 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.04.01 15:40:57 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.04.01 15:40:57 | 012,788,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.04.01 15:40:57 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.04.01 15:40:57 | 006,471,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.04.01 15:40:57 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.04.01 15:40:57 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.04.01 15:40:57 | 002,934,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.04.01 15:40:57 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.04.01 15:40:57 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.04.01 15:40:57 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2011.04.01 15:40:57 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2011.04.01 15:40:57 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2011.04.01 15:40:57 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2011.04.01 15:40:57 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.04.01 14:39:57 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Roaming\Avira
[2011.04.01 14:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.04.01 14:39:24 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.04.01 14:39:24 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.04.01 14:39:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2011.04.01 14:39:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2011.04.01 14:39:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011.04.01 14:37:57 | 000,000,000 | --SD | C] -- C:\Users\Lone\Documents\Passwords Database
[2011.04.01 14:10:41 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2011.04.01 14:10:41 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2011.04.01 14:10:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Kaspersky Lab
[2011.03.31 19:23:46 | 000,000,000 | -H-D | C] -- C:\Users\Lone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.03.31 19:22:16 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2011.03.31 19:21:43 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011.03.31 19:21:43 | 000,027,176 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2011.03.31 19:21:43 | 000,013,352 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2011.03.31 19:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2011.03.31 02:57:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.03.31 02:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.03.31 02:52:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.31 02:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.31 02:52:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.03.31 02:52:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.31 02:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.31 02:12:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\oLb28604mNbBb28604

========== Files - Modified Within 30 Days ==========

[2011.04.29 06:22:18 | 000,504,657 | ---- | M] () -- C:\Users\Lone\Desktop\unhide.exe
[2011.04.29 06:15:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lone\Desktop\OTL.exe
[2011.04.29 06:09:46 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 06:09:46 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 06:01:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.29 06:01:41 | 2408,828,928 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.29 05:30:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.04.29 05:25:27 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lone\Desktop\mbam-setup.exe
[2011.04.29 05:03:29 | 000,001,258 | ---- | M] () -- C:\Users\Lone\Desktop\Spybot - Search & Destroy.lnk
[2011.04.29 05:02:46 | 000,000,631 | ---- | M] () -- C:\Users\Lone\Desktop\Windows Recovery.lnk
[2011.04.29 05:02:46 | 000,000,120 | ---- | M] () -- C:\ProgramData\~46849800
[2011.04.29 05:02:45 | 000,000,136 | ---- | M] () -- C:\ProgramData\~46849800r
[2011.04.29 05:02:14 | 000,000,328 | ---- | M] () -- C:\ProgramData\46849800
[2011.04.29 05:02:09 | 000,458,752 | ---- | M] () -- C:\ProgramData\46849800.exe
[2011.04.29 04:52:49 | 000,532,480 | ---- | M] (WinTrust) -- C:\ProgramData\BikMInqAaqKWg.exe
[2011.04.28 22:03:35 | 016,234,656 | ---- | M] () -- C:\Users\Lone\Desktop\autosave.save_multiplayer
[2011.04.28 21:55:03 | 016,184,575 | ---- | M] () -- C:\Users\Lone\Desktop\multiplayer_campaign_6cb136_3f800000_88.save_multiplayer
[2011.04.28 16:16:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.28 16:16:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.28 16:16:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.28 16:16:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.28 16:16:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.28 04:21:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.04.27 00:03:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.04.27 00:03:54 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.04.27 00:03:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.04.27 00:03:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.04.26 15:44:24 | 000,029,525 | ---- | M] () -- C:\Users\Lone\Documents\playlist.m3u
[2011.04.25 01:43:34 | 000,017,073 | ---- | M] () -- C:\Users\Lone\Desktop\raincoat.jpg
[2011.04.21 13:58:35 | 000,027,620 | ---- | M] () -- C:\Users\Lone\Desktop\season_of_the_witch_cage.jpg
[2011.04.21 13:58:15 | 000,060,444 | ---- | M] () -- C:\Users\Lone\Desktop\season_of_the_witch_movie_image_nicolas_cage_02.jpg
[2011.04.20 00:16:12 | 000,074,941 | ---- | M] () -- C:\Users\Lone\Desktop\article-1038592-021165F100000578-68_468x873.jpg
[2011.04.20 00:07:39 | 000,028,823 | ---- | M] () -- C:\Users\Lone\Desktop\dunst01_49ddc266eda67-t.jpg
[2011.04.16 15:29:55 | 000,001,517 | ---- | M] () -- C:\Users\Lone\Desktop\Shogun2 - Verknüpfung.lnk
[2011.04.16 01:58:22 | 000,046,610 | ---- | M] () -- C:\Users\Lone\Desktop\PCH1875.jpg
[2011.04.13 23:26:28 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.04.13 23:26:28 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.13 23:26:01 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.04.13 13:07:12 | 003,017,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.13 03:47:37 | 000,017,094 | ---- | M] () -- C:\Users\Lone\Desktop\52399_md.jpg
[2011.04.13 03:45:05 | 000,036,659 | ---- | M] () -- C:\Users\Lone\Desktop\ryan_reynolds-adventureland-1-229x300.jpg
[2011.04.11 18:57:42 | 000,000,439 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.04.10 14:41:42 | 000,432,122 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011.04.10 14:41:37 | 000,432,122 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011.04.09 20:56:01 | 000,339,984 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmwfp.sys
[2011.04.09 20:56:01 | 000,200,720 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmlwf.sys
[2011.04.09 20:56:01 | 000,107,536 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011.04.06 23:09:58 | 000,022,179 | ---- | M] () -- C:\Users\Lone\Desktop\699003.JPG
[2011.04.06 19:20:16 | 000,022,718 | ---- | M] () -- C:\Users\Lone\Desktop\sun-picture-auckland_16726.jpg
[2011.04.05 22:00:01 | 000,021,129 | ---- | M] () -- C:\Users\Lone\Desktop\Untitled.jpg
[2011.04.05 18:00:46 | 000,049,136 | ---- | M] () -- C:\Users\Lone\Desktop\product_3840_max.jpg
[2011.04.02 23:54:26 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.04.02 00:33:07 | 000,048,754 | ---- | M] () -- C:\Users\Lone\Documents\cc_20110402_003253.reg
[2011.03.31 19:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.03.31 19:36:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.03.31 19:22:16 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2011.03.31 19:21:43 | 001,490,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011.03.31 19:21:43 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2011.03.31 19:21:43 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2011.03.31 03:21:35 | 000,000,241 | ---- | M] () -- C:\UnKIS.reg
[2011.03.31 03:00:37 | 000,432,122 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.03.30 17:39:36 | 000,001,958 | ---- | M] () -- C:\Users\Lone\Desktop\Memory Cleaner.lnk
[2011.03.30 17:34:09 | 000,038,458 | ---- | M] () -- C:\Users\Lone\Desktop\mp5k.gif

========== Files Created - No Company Name ==========

[2011.04.29 06:22:17 | 000,504,657 | ---- | C] () -- C:\Users\Lone\Desktop\unhide.exe
[2011.04.29 05:03:29 | 000,001,258 | -H-- | C] () -- C:\Users\Lone\Desktop\Spybot - Search & Destroy.lnk
[2011.04.29 05:02:46 | 000,000,631 | -H-- | C] () -- C:\Users\Lone\Desktop\Windows Recovery.lnk
[2011.04.29 05:02:45 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~46849800r
[2011.04.29 05:02:44 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~46849800
[2011.04.29 05:02:14 | 000,000,328 | -H-- | C] () -- C:\ProgramData\46849800
[2011.04.29 05:02:09 | 000,458,752 | -H-- | C] () -- C:\ProgramData\46849800.exe
[2011.04.28 22:32:45 | 016,234,656 | -H-- | C] () -- C:\Users\Lone\Desktop\autosave.save_multiplayer
[2011.04.28 22:32:45 | 016,184,575 | -H-- | C] () -- C:\Users\Lone\Desktop\multiplayer_campaign_6cb136_3f800000_88.save_multiplayer
[2011.04.28 04:21:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.04.25 01:43:34 | 000,017,073 | -H-- | C] () -- C:\Users\Lone\Desktop\raincoat.jpg
[2011.04.21 13:58:35 | 000,027,620 | -H-- | C] () -- C:\Users\Lone\Desktop\season_of_the_witch_cage.jpg
[2011.04.21 13:58:15 | 000,060,444 | -H-- | C] () -- C:\Users\Lone\Desktop\season_of_the_witch_movie_image_nicolas_cage_02.jpg
[2011.04.20 00:16:12 | 000,074,941 | -H-- | C] () -- C:\Users\Lone\Desktop\article-1038592-021165F100000578-68_468x873.jpg
[2011.04.20 00:07:38 | 000,028,823 | -H-- | C] () -- C:\Users\Lone\Desktop\dunst01_49ddc266eda67-t.jpg
[2011.04.16 15:29:55 | 000,001,517 | -H-- | C] () -- C:\Users\Lone\Desktop\Shogun2 - Verknüpfung.lnk
[2011.04.16 01:58:22 | 000,046,610 | -H-- | C] () -- C:\Users\Lone\Desktop\PCH1875.jpg
[2011.04.13 03:47:37 | 000,017,094 | -H-- | C] () -- C:\Users\Lone\Desktop\52399_md.jpg
[2011.04.07 18:46:39 | 000,036,659 | -H-- | C] () -- C:\Users\Lone\Desktop\ryan_reynolds-adventureland-1-229x300.jpg
[2011.04.06 23:09:58 | 000,022,179 | -H-- | C] () -- C:\Users\Lone\Desktop\699003.JPG
[2011.04.06 19:20:16 | 000,022,718 | -H-- | C] () -- C:\Users\Lone\Desktop\sun-picture-auckland_16726.jpg
[2011.04.05 22:00:01 | 000,021,129 | -H-- | C] () -- C:\Users\Lone\Desktop\Untitled.jpg
[2011.04.05 18:00:46 | 000,049,136 | -H-- | C] () -- C:\Users\Lone\Desktop\product_3840_max.jpg
[2011.04.03 05:20:28 | 000,029,525 | -H-- | C] () -- C:\Users\Lone\Documents\playlist.m3u
[2011.04.02 00:32:59 | 000,048,754 | -H-- | C] () -- C:\Users\Lone\Documents\cc_20110402_003253.reg
[2011.03.31 19:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.03.31 19:36:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.03.31 03:02:27 | 000,000,241 | ---- | C] () -- C:\UnKIS.reg
[2011.03.30 17:39:36 | 000,001,958 | -H-- | C] () -- C:\Users\Lone\Desktop\Memory Cleaner.lnk
[2011.03.26 14:14:22 | 000,000,636 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011.03.25 04:40:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.03.24 20:21:39 | 000,000,093 | -H-- | C] () -- C:\Users\Lone\AppData\Local\fusioncache.dat
[2011.03.24 20:21:39 | 000,000,000 | -HS- | C] () -- C:\Users\Lone\AppData\Local\cleanmgr.exe
[2011.03.24 20:21:39 | 000,000,000 | -HS- | C] () -- C:\Users\Lone\AppData\Local\cleanmgr.dll
[2011.03.24 20:15:35 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.24 20:15:34 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.03.24 20:15:34 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.24 17:13:11 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.16 16:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2006.10.12 17:35:56 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\Instx64.exe
[2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Lone\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lone\Documents\DataRecovery_EN:Roxio EMC Stream

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 29.04.2011 06:17:07 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Lone\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,06 Gb Total Space | 213,29 Gb Free Space | 46,67% Space Free | Partition Type: NTFS
Drive D: | 4,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 465,76 Gb Total Space | 95,74 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive I: | 1,86 Gb Total Space | 1,78 Gb Free Space | 95,97% Space Free | Partition Type: FAT32

Computer Name: BERND-PC | User Name: Lone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wacom Tablet Driver" = Wacom Tablett

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{424A7E9F-8B18-42AF-AF62-6C0EED94737F}" = StarMoney 7.0 S-Edition
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{571F05B7-2A46-467E-96AB-25F925C93778}" = StarMoney 6.0 S-Edition
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0C6E805-C83A-4299-90A9-A29A0F3AC3EA}" = SPR532 SmartCard Reader V1.82.0001
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"CloneCD" = CloneCD
"DAEMON Tools Pro" = DAEMON Tools Pro
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.10.2092" = Opera 11.10
"Poser Figure Artist" = Poser Figure Artist
"PunkBusterSvc" = PunkBuster Services
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Tunngle beta_is1" = Tunngle beta
"Update Service" = Sony Ericsson Update Service
"UseNeXT_is1" = UseNeXT
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.04.2011 13:24:01 | Computer Name = Bernd-PC | Source = Application Hang | ID = 1002
Description = Programm Shogun2.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1ee4
Startzeit: 01cc0367d6d939f1
Endzeit: 101
Anwendungspfad: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe
Berichts-ID:

Error - 25.04.2011 13:27:05 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f
Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0052f73e
ID des fehlerhaften Prozesses: 0x1e30
Startzeit der fehlerhaften Anwendung: 0x01cc036da64759ed
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll
Berichtskennung: 3d1963bf-6f61-11e0-b51c-a4badb027364

Error - 25.04.2011 13:27:09 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f
Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0052f73e
ID des fehlerhaften Prozesses: 0x1e30
Startzeit der fehlerhaften Anwendung: 0x01cc036da64759ed
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll
Berichtskennung: 3f08def1-6f61-11e0-b51c-a4badb027364

Error - 27.04.2011 08:29:39 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f
Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3
Ausnahmecode: 0xc0000005 Fehleroffset: 0x000c37a0 ID des fehlerhaften Prozesses: 0x1f40 Startzeit der fehlerhaften Anwendung: 0x01cc04d1f6098fc7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll Berichtskennung: 04627aab-70ca-11e0-b51c-a4badb027364 Error - 27.04.2011 08:30:05 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000c37a0 ID des fehlerhaften Prozesses: 0x1f40 Startzeit der fehlerhaften Anwendung: 0x01cc04d1f6098fc7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll Berichtskennung: 13e447bc-70ca-11e0-b51c-a4badb027364 Error - 27.04.2011 09:16:20 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0128b6ec ID des fehlerhaften Prozesses: 0x694 Startzeit der fehlerhaften Anwendung: 0x01cc04d70f5e07ac Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll Berichtskennung: 8a6bd0b6-70d0-11e0-b51c-a4badb027364 Error - 27.04.2011 09:16:51 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0128b6ec ID des fehlerhaften Prozesses: 0x694 
Startzeit der fehlerhaften Anwendung: 0x01cc04d70f5e07ac Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll Berichtskennung: 9cd251ff-70d0-11e0-b51c-a4badb027364 Error - 27.04.2011 17:13:14 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013a674 ID des fehlerhaften Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cc0508411335ed Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll Berichtskennung: 2991285b-7113-11e0-b51c-a4badb027364 Error - 27.04.2011 17:14:08 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013a674 ID des fehlerhaften Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cc0508411335ed Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll Berichtskennung: 4967f414-7113-11e0-b51c-a4badb027364 Error - 27.04.2011 19:30:01 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Shogun2.exe, Version:, Zeitstempel: 0x4d836e9f Name des fehlerhaften Moduls: Shogun2.dll, Version:, Zeitstempel: 0x4d8b42b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00aa56e9 ID des fehlerhaften Prozesses: 0x1afc Startzeit der fehlerhaften Anwendung: 0x01cc05204be9466e Pfad der fehlerhaften Anwendung: 
C:\Program Files (x86)\Total War Shogun 2\Shogun2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Total War Shogun 2\Shogun2.dll Berichtskennung: 4536925c-7126-11e0-b51c-a4badb027364 [ System Events ] Error - 27.04.2011 21:55:41 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2011 21:59:05 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2011 22:19:41 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2011 22:28:28 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2011 22:29:43 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2011 22:34:37 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2011 23:23:42 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 28.04.2011 00:29:15 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 28.04.2011 09:59:59 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 28.04.2011 10:57:07 | Computer Name = Bernd-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. 
< End of report >

Regards, Lonester

Malwarebytes has now finished as well. I ran the scan only once and have only this log file. Code:
ATTFilter Malwarebytes' Anti-Malware www.malwarebytes.org Datenbank Version: 6468 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 29.04.2011 15:21:43 mbam-log-2011-04-29 (15-21-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Durchsuchte Objekte: 426369 Laufzeit: 1 Stunde(n), 32 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 6 Infizierte Speicherprozesse: c:\programdata\bikminqaaqkwg.exe (Trojan.FakeAlert) -> 5052 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BikMInqAaqKWg (Trojan.FakeAlert) -> Value: BikMInqAaqKWg -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\Lone\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully. Infizierte Dateien: c:\programdata\bikminqaaqkwg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programdata\46849800.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Lone\AppData\Local\Temp\tmpBEA7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully c:\Users\Lone\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\Lone\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\Lone\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. 
And here is the second log file, from the second Malwarebytes scan. It looks as if the virus is gone. Despite unhide.exe, a few things are still missing from my desktop and the taskbar. SUPERAntiSpyware has also finished, but it did not leave a report. Code:
ATTFilter Malwarebytes' Anti-Malware www.malwarebytes.org Datenbank Version: 6468 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 29.04.2011 19:33:51 mbam-log-2011-04-29 (19-33-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 318140 Laufzeit: 3 Stunde(n), 48 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
#2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy has struck
The scans are a little old by now. Please update Malwarebytes and run a new full scan.