| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BOOTDss.M erfolgreich entfernt... Hoffe ich.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.05.2011, 21:47
| #1 |
| |  BOOTDss.M erfolgreich entfernt... Hoffe ich. Also ich hab mir wie der Titel schon sagt diesen Virus eingefangen. Ist bisher alles folgendermaßen abgelaufen: 1.Virus mit Antivir erstmals entdeckt 2.Nach Forschungen im Internet Datei mit TDSSKILLER.exe gelöscht 3.Dann Malwarebytes drüberlaufen lassen, wieder 2 Funde gefunden (Rootkit.TDSS.Gen und Malware.Packer.Gen). 4. Beide entfernt Aber ich weis nicht ob ich des Ding jetzt los bin oder nicht. Hier sind mal alle Logfiles die ihr braucht... hoff ich: Malwarebytes Logfile: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6485 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 01.05.2011 21:59:43 mbam-log-2011-05-01 (21-59-43).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 162717 Laufzeit: 2 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\$Recycle.Bin\s-1-5-21-2365198653-1014575356-3896184517-1000\$ro5jbfd.2-kaos\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. c:\Users\Mike\AppData\Local\Temp\CFF8.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. Und hier die OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.05.2011 22:21:46 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mike\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 368,10 Gb Total Space | 74,06 Gb Free Space | 20,12% Space Free | Partition Type: NTFS Drive D: | 115,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.01 22:12:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe PRC - [2011.04.01 07:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.12.05 20:32:58 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.09.15 10:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe PRC - [2010.01.22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2007.04.25 19:02:30 | 003,444,008 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe ========== Modules (SafeList) ========== MOD - [2011.05.01 22:12:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.20 04:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\GameHook.dll MOD - [2009.07.20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll MOD - [2007.04.24 19:25:46 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.04.01 07:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.12.05 20:32:58 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.09.21 10:59:52 | 001,957,672 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.09.15 10:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.04.01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.04.01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.04.01 07:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 200(UVC) DRV:64bit: - [2011.04.01 07:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.10.03 14:00:21 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.07.26 15:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.07.26 15:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.06.21 05:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.06.21 05:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.06.21 05:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2010.06.21 05:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.03.02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV - [2010.09.15 10:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010.07.26 15:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.01 19:20:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.23 20:48:59 | 000,000,000 | ---D | M] [2010.09.25 03:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions [2011.04.27 16:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\pazyb9p1.default\extensions [2011.03.22 23:09:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\pazyb9p1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.24 16:32:43 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\pazyb9p1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.10.27 15:27:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\pazyb9p1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.24 16:32:44 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\pazyb9p1.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.03.24 16:32:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\pazyb9p1.default\extensions\engine@conduit.com [2011.03.23 20:49:11 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\pazyb9p1.default\extensions\toolbar@web.de [2011.04.30 00:52:03 | 000,000,950 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin-1.xml [2011.03.07 09:45:02 | 000,000,950 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin-2.xml [2011.03.23 20:49:41 | 000,000,950 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin-3.xml [2011.05.01 18:02:18 | 000,000,950 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin-4.xml [2011.05.01 21:05:06 | 000,000,656 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin-5-1.xml [2011.02.20 12:21:20 | 000,000,618 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin-5.xml [2011.02.20 12:21:20 | 000,000,168 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin.gif [2011.02.27 20:21:18 | 000,001,056 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\pazyb9p1.default\searchplugins\icqplugin.xml [2011.03.23 20:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.11.01 15:58:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.28 20:20:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.18 21:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.23 20:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2011.03.23 20:49:00 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de File not found (No name found) -- () (No name found) -- C:\USERS\MIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PAZYB9P1.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: &Download All by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8:64bit: - Extra context menu item: &Download by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mike\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mike\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{182e6dd1-cee6-11df-9951-0007611fcf01}\Shell - "" = AutoRun O33 - MountPoints2\{182e6dd1-cee6-11df-9951-0007611fcf01}\Shell\AutoRun\command - "" = E:\autorun.exe -auto O33 - MountPoints2\{95ca8b61-c842-11df-a6a9-8f136b49948d}\Shell - "" = AutoRun O33 - MountPoints2\{95ca8b61-c842-11df-a6a9-8f136b49948d}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.01 22:12:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2011.05.01 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes [2011.05.01 21:49:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.01 21:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.01 21:49:49 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.01 21:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.01 21:25:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011.05.01 21:13:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Avira [2011.05.01 21:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.05.01 21:11:52 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.05.01 21:11:52 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.05.01 21:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.05.01 18:12:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2011.05.01 14:59:46 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Gas Powered Games [2011.05.01 13:45:35 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\oblivion [2011.05.01 12:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Commander 2 [2011.05.01 00:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks [2011.04.30 23:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2 [2011.04.30 23:33:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\BioWare [2011.04.30 23:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II [2011.04.30 23:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2011.04.30 21:40:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2011.04.30 21:17:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\SKIDROW [2011.04.30 21:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve [2011.04.20 22:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.04.19 07:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Help [2011.04.18 15:12:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Divinity 2 [2011.04.16 01:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2011.04.16 01:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.04.14 14:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2011.04.14 01:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011.04.12 22:52:31 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.04.12 22:52:31 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.04.12 16:38:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011.04.12 15:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.04.12 15:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.04.12 15:57:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.04.12 15:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011.04.12 11:36:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft Games [2011.04.11 22:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment [2011.04.10 02:57:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\reakktor [2011.04.10 02:07:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Reakktor Media [2010.02.04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.01 22:12:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2011.05.01 22:10:07 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.01 22:10:07 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.01 22:04:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2011.05.01 22:04:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.01 22:04:50 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.05.01 21:49:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.01 21:11:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.01 20:38:16 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011.04.30 21:41:57 | 000,392,243 | ---- | M] () -- C:\AnalysisLog.sr0 [2011.04.30 21:14:32 | 000,001,553 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011.04.27 16:27:00 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.04.27 16:27:00 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.27 16:27:00 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.04.27 10:10:18 | 001,644,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.27 10:10:18 | 000,707,908 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.27 10:10:18 | 000,661,504 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.27 10:10:18 | 000,153,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.27 10:10:18 | 000,125,590 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.20 22:42:57 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.04.19 19:58:29 | 020,533,281 | ---- | M] () -- C:\Users\Mike\Documents\vlc-1.1.9-win32.exe [2011.04.18 15:00:14 | 000,439,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.14 15:43:43 | 000,000,221 | ---- | M] () -- C:\Users\Mike\Desktop\Dawn of War II - Retribution.url [2011.04.12 12:50:27 | 000,000,139 | ---- | M] () -- C:\Users\Mike\Documents\aionmemo_c1b89fb0.dat [2011.04.10 02:03:28 | 001,621,332 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.01 21:49:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.01 21:11:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.01 20:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.04.30 21:41:15 | 000,392,243 | ---- | C] () -- C:\AnalysisLog.sr0 [2011.04.30 21:14:32 | 000,001,553 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011.04.20 22:42:57 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.04.19 19:58:12 | 020,533,281 | ---- | C] () -- C:\Users\Mike\Documents\vlc-1.1.9-win32.exe [2011.04.14 15:43:43 | 000,000,221 | ---- | C] () -- C:\Users\Mike\Desktop\Dawn of War II - Retribution.url [2011.04.12 16:59:18 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.04.01 07:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.03.30 23:04:18 | 000,000,000 | ---- | C] () -- C:\Windows\EngineExe.INI [2011.03.30 19:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\PanelExe.INI [2010.12.09 21:38:00 | 000,007,602 | ---- | C] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg [2010.12.05 17:43:59 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.05 16:25:21 | 000,000,092 | ---- | C] () -- C:\Users\Mike\AppData\Local\fusioncache.dat [2010.12.02 19:08:45 | 000,005,112 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2010.11.17 01:48:51 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini [2010.10.21 21:22:39 | 000,005,632 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.21 16:42:15 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll [2010.10.18 18:58:31 | 000,005,024 | ---- | C] () -- C:\Windows\SysWow64\FilterData.dat [2010.10.16 12:45:30 | 001,621,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.10.11 09:41:17 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.10.11 09:41:16 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.10.11 09:41:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.10.03 14:46:24 | 000,052,836 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2010.10.03 14:46:23 | 001,199,179 | ---- | C] () -- C:\Windows\unins001.exe [2010.10.03 14:46:23 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll [2010.10.03 14:46:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2010.10.03 14:46:23 | 000,010,125 | ---- | C] () -- C:\Windows\unins001.dat [2010.10.03 14:45:34 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe [2010.10.03 14:45:34 | 000,008,141 | ---- | C] () -- C:\Windows\unins000.dat [2010.10.01 20:38:38 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.09.30 14:00:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.07.26 15:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2010.07.26 15:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2010.07.26 15:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2010.07.26 15:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.07.26 10:13:40 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI ========== LOP Check ========== [2011.05.01 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\BITS [2010.11.17 01:43:39 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\calibre [2010.12.02 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Carambis [2010.10.03 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DAEMON Tools Lite [2011.05.01 21:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Dropbox [2010.10.27 15:27:28 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.30 23:25:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GetRightToGo [2011.02.08 22:08:28 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\gtk-2.0 [2011.04.23 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ICQ [2010.09.25 04:53:18 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Leadertech [2011.03.30 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mobile Action [2010.10.16 12:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Need for Speed World [2010.11.01 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org [2011.02.26 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\RIFT [2010.09.28 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Samsung [2010.09.26 17:49:39 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeamViewer [2011.05.01 22:13:55 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TeraCopy [2010.10.21 17:59:28 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TrojanHunter [2010.09.25 04:07:17 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TuneUp Software [2011.05.01 19:20:47 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent [2011.04.09 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\VidCoder [2010.09.25 03:59:34 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Win7codecs [2011.03.09 20:04:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < Also ich hab mir wie der Titel schon sagt diesen Virus eingefangen. Ist bisher alles folgendermaßen abgelaufen: > < 1.Virus mit Antivir erstmals entdeckt > < 2.Nach Forschungen im Internet Datei mit TDSSKILLER.exe gelöscht > < 3.Dann Malwarebytes drüberlaufen lassen, wieder 2 Funde gefunden (Rootkit.TDSS.Gen und Malware.Packer.Gen). > < 4. Beide entfernt > < > < Aber ich weis nicht ob ich des Ding jetzt los bin oder nicht. Hier sind mal alle Logfiles die ihr braucht... hoff ich: > < > < Malwarebytes Logfile: > < > < Malwarebytes' Anti-Malware 1.50.1.1100 > < www.malwarebytes.org > < > < Datenbank Version: 6485 > < > < Windows 6.1.7600 > < Internet Explorer 8.0.7600.16385 > < > < 01.05.2011 21:59:43 > < mbam-log-2011-05-01 (21-59-43).txt > < > < Art des Suchlaufs: Quick-Scan > < Durchsuchte Objekte: 162717 > < Laufzeit: 2 Minute(n), 10 Sekunde(n) > < > < Infizierte Speicherprozesse: 0 > < Infizierte Speichermodule: 0 > < Infizierte Registrierungsschlüssel: 0 > < Infizierte Registrierungswerte: 0 > < Infizierte Dateiobjekte der Registrierung: 0 > < Infizierte Verzeichnisse: 0 > < Infizierte Dateien: 2 > < > < Infizierte Speicherprozesse: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Speichermodule: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Registrierungsschlüssel: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Registrierungswerte: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Dateiobjekte der Registrierung: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Verzeichnisse: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Dateien: > < c:\$Recycle.Bin\s-1-5-21-2365198653-1014575356-3896184517-1000\$ro5jbfd.2-kaos\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. > < c:\Users\Mike\AppData\Local\Temp\CFF8.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D06A4C76 < End of report > Hier die OTL-Extras TextDatei:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.05.2011 22:21:46 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mike\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 368,10 Gb Total Space | 74,06 Gb Free Space | 20,12% Space Free | Partition Type: NTFS
Drive D: | 115,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeraCopy_is1" = TeraCopy 2.12
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0FB0306C-11D8-35F2-9AC9-121FA753F9AD}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.5026)
"{0FB0306C-11D8-35F2-9AC9-121FA753F9AD}.vc_x64runtime_30729_5026" = Visual C++ 2008 x64 Runtime - v9.0.30729.5026
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{5D8057E7-FF6A-4700-AF1F-4755DEE440CF}" = calibre
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A07F7DC-18DB-0200-0000-000000000000}" = Android Manager WiFi
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{786547F9-59BB-4FA3-B2D8-327FF1F14870}" = Adobe Flash Player 9 ActiveX
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FlashGet 2.0" = FlashGet 2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock" = ObjectDock
"PlayRF USA 15.00" = PlayRF USA 15.00
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamViewer 5" = TeamViewer 5
"Two Worlds II" = Two Worlds II
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 1.1.9
"Word to PDF Converter" = Word to PDF Converter
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"NCsoft-Aion" = Aion
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2011 04:23:29 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TwoWorlds2.exe, Version: 1.1.0.0,
Zeitstempel: 0x4d093148 Name des fehlerhaften Moduls: TwoWorlds2.exe, Version: 1.1.0.0,
Zeitstempel: 0x4d093148 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00722a90 ID des fehlerhaften
Prozesses: 0xf1c Startzeit der fehlerhaften Anwendung: 0x01cbf81b7ca65d9d Pfad der
fehlerhaften Anwendung: C:\Games\Two Worlds II\TwoWorlds2.exe Pfad des fehlerhaften
Moduls: C:\Games\Two Worlds II\TwoWorlds2.exe Berichtskennung: fa9cf877-6414-11e0-93fa-00040efae87a
Error - 12.04.2011 11:01:11 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0x01cbf92274056360 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: b3f36295-6515-11e0-ad6c-00040efae87a
Error - 12.04.2011 11:01:51 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xa14 Startzeit der fehlerhaften Anwendung: 0x01cbf9228d2e21c7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: cb619f93-6515-11e0-ad6c-00040efae87a
Error - 12.04.2011 11:08:05 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x13b0 Startzeit der fehlerhaften Anwendung: 0x01cbf9236b2c8674 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: aa619b7c-6516-11e0-ad6c-00040efae87a
Error - 12.04.2011 11:08:35 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x8c4 Startzeit der fehlerhaften Anwendung: 0x01cbf9237defcf18 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: bc1740be-6516-11e0-ad6c-00040efae87a
Error - 12.04.2011 11:11:11 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xd2c Startzeit der fehlerhaften Anwendung: 0x01cbf923dac8421f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 1938cbc7-6517-11e0-ad6c-00040efae87a
Error - 13.04.2011 19:56:35 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2.exe, Version: 1.0.0.5858,
Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: Crysis2.exe, Version: 1.0.0.5858,
Zeitstempel: 0x21544c46 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00065e83 ID des fehlerhaften
Prozesses: 0x13f8 Startzeit der fehlerhaften Anwendung: 0x01cbfa36681da6c7 Pfad der
fehlerhaften Anwendung: A:\Video\Series\How I met your mother\Crysis 2 DVD9 MULTI
5-NETSHOW\bin32\Crysis2.exe Pfad des fehlerhaften Moduls: A:\Video\Series\How I
met your mother\Crysis 2 DVD9 MULTI 5-NETSHOW\bin32\Crysis2.exe Berichtskennung:
a99d77b7-6629-11e0-8fe0-00040efae87a
Error - 13.04.2011 19:56:43 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2.exe, Version: 1.0.0.5858,
Zeitstempel: 0x21544c46 Name des fehlerhaften Moduls: Crysis2.exe, Version: 1.0.0.5858,
Zeitstempel: 0x21544c46 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00065e83 ID des fehlerhaften
Prozesses: 0x720 Startzeit der fehlerhaften Anwendung: 0x01cbfa366ede6b27 Pfad der
fehlerhaften Anwendung: A:\Video\Series\How I met your mother\Crysis 2 DVD9 MULTI
5-NETSHOW\bin32\Crysis2.exe Pfad des fehlerhaften Moduls: A:\Video\Series\How I
met your mother\Crysis 2 DVD9 MULTI 5-NETSHOW\bin32\Crysis2.exe Berichtskennung:
ae01577b-6629-11e0-8fe0-00040efae87a
Error - 14.04.2011 08:28:59 | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShippingPC-StormGame.exe, Version:
1.0.7094.0, Zeitstempel: 0x4d35a5ef Name des fehlerhaften Moduls: ShippingPC-StormGame.exe,
Version: 1.0.7094.0, Zeitstempel: 0x4d35a5ef Ausnahmecode: 0xc0000005 Fehleroffset:
0x00a1645b ID des fehlerhaften Prozesses: 0x11d0 Startzeit der fehlerhaften Anwendung:
0x01cbfa99b26a32b2 Pfad der fehlerhaften Anwendung: C:\Games\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
Pfad
des fehlerhaften Moduls: C:\Games\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
Berichtskennung:
c576027e-6692-11e0-bc64-00040efae87a
Error - 14.04.2011 08:43:31 | Computer Name = Mike-PC | Source = MsiInstaller | ID = 1013
Description =
[ System Events ]
Error - 06.04.2011 06:53:38 | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%577
Error - 06.04.2011 07:34:47 | Computer Name = Mike-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 12.04.2011 11:43:15 | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%577
Error - 12.04.2011 11:43:16 | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%577
Error - 20.04.2011 14:17:01 | Computer Name = Mike-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 28.04.2011 17:40:03 | Computer Name = Mike-PC | Source = DCOM | ID = 10010
Description =
Error - 28.04.2011 17:40:42 | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2515325)
Error - 28.04.2011 17:40:42 | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2522422)
Error - 28.04.2011 17:40:42 | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2492386)
Error - 28.04.2011 17:50:26 | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB982018)
< End of report >
Und hier noch die GMER Logfile: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15572 - hxxp://www.gmer.net
Rootkit scan 2011-05-01 22:42:31
Windows 6.1.7600
Running: n4ddes2y.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0007611fcf01 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0007611fcf01@00076131f2f4 0x32 0xEE 0x13 0x7B ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x13 0x05 0x06 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x95 0x3D 0x0D ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0xF5 0x93 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0007611fcf01
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0007611fcf01@00076131f2f4 0x32 0xEE 0x13 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x13 0x05 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x95 0x3D 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0xF5 0x93 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\0007611fcf01 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\0007611fcf01@00076131f2f4 0x32 0xEE 0x13 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x13 0x05 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x95 0x3D 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE0 0xF5 0x93 0x1F ...
---- EOF - GMER 1.0.15 ----
|
| Themen zu BOOTDss.M erfolgreich entfernt... Hoffe ich. |
| 64-bit, 7-zip, alternate, antivir, autorun, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, conduit, converter, device driver, error, excel, firefox, flash player, google, iexplore.exe, install.exe, installation, internet, location, microsoft office word, mozilla, mp3, msiinstaller, office 2007, oldtimer, plug-in, realtek, recycle.bin, registry, rootkit.tdss.gen, rundll, schattenkopien, searchplugins, security, security update, senden, shell32.dll, shortcut, software, sptd.sys, start menu, stick, super, syswow64, updates, usb, usb 3.0, vdeck.exe, virus, webcheck |
Baum-Darstellung