Log Analysis and Evaluation: Website opens automatically (Windows 7)

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.06.2011, 15:58 | #16
Here's the list. I only wrote something next to the unnecessary or unknown ones; the rest is needed.

Adobe AIR | Adobe Systems Inc.
Adobe Flash Player 10 ActiveX | Adobe Systems Incorporated
Adobe Flash Player 10 Plugin | Adobe Systems Incorporated
Adobe Reader X (10.0.1) - Deutsch | Adobe Systems Incorporated
Adobe Shockwave Player 11.5 | Adobe Systems, Inc.
Apple Application Support | Apple Inc.
Apple Mobile Device Support | Apple Inc. -> unnecessary (?)
Apple Software Update | Apple Inc.
ASIO4ALL
ATI Catalyst Install Manager | ATI Technologies, Inc.
Avira AntiVir Personal - Free Antivirus | Avira GmbH
Battlefield Play4Free | EA Digital illusions
Bluesoleil2.6.0.1 Release 070402 | IVT Corporation
CCleaner | Piriform
Columbus Tree Mod 1.0 deutsch | CycleDogg
CPUCooL (remove only)
CPUID CPU-Z 1.54
Creative ALchemy | Creative Technology Limited
Creative Audio-Systemsteuerung | Creative Technology Limited
Creative MediaSource 5 | Creative Technology Limited
Creative Software AutoUpdate | Creative Technology Limited
Creative WaveStudio 7 | Creative Technology Limited
Dawn of War - Dark Crusade | THQ
DEUTSCHLAND SPIELT GAME CENTER | INTENIUM GmbH
DivX-Setup | DivX, LLC
Eigenschaften von Creative Sound Blaster | Creative Technology Limited
Empire Earth Ultimate Edition | The Games Company
FL Studio 8 | Image-Line bvba
Flatcast Viewer Plugin 5.2.2.454 | 1 mal 1 Software GmbH
FreePDF (Remove only)
FRITZ!Box starter | AVM Berlin
GPL Ghostscript 9.01
GTR 2 1.0.0.0 | 10tacle Studios Publishing AG
GTR2 Online Functionality Patch | SimBin Studios
Hattrick Organizer (remove only)
ICQ7.4 | ICQ
IL Download Manager | Image-Line bvba
iTunes | Apple Inc.
Java(TM) 6 Update 24 | Sun Microsystems, Inc.
JDownloader | AppWork UG (haftungsbeschränkt)
LG PC Suite | LGE
LG USB Modem driver | LG Electronics
Logitech Desktop Messenger | Logitech, Inc.
Logitech SetPoint | Logitech
Malwarebytes' Anti-Malware Version 1.51.0.1200 | Malwarebytes Corporation
Marvell Miniport Driver | Marvell
Microsoft .NET Framework 4 Client Profile | Microsoft Corporation
Microsoft .NET Framework 4 Client Profile DEU Language Pack | Microsoft Corporation
Microsoft .NET Framework 4 Extended | Microsoft Corporation
Microsoft Games for Windows - LIVE Redistributable | Microsoft Corporation
Microsoft Games for Windows Marketplace | Microsoft Corporation
Microsoft Office Professional Plus 2010 | Microsoft Corporation
Microsoft Silverlight | Microsoft Corporation
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 | Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 | Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 | Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 | Microsoft Corporation
Microsoft Xbox 360 Accessories 1.2 | Microsoft
Mozilla Firefox 4.0.1 (x86 de) | Mozilla
Mozilla Thunderbird (3.0.4) | Mozilla -> unnecessary (?)
Mozilla Thunderbird (3.1.10) | Mozilla
Network Addon Mod Version Mai 2010 deutsch | Das NAM Team
Network Widening Mod 1.0 | Das NAM Team
Opera 11.11 | Opera Software ASA
Pando Media Booster | Pando Networks Inc. -> unknown
PDFCreator | Frank Heindörfer, Philip Chinery
Pflanzen gegen Zombies | INTENIUM GmbH
Pivot Stickfigure Animator | Peter Bone
PoiZone | Image-Line bvba
PokerStars.net | PokerStars.net
ProtectDisc Driver, Version 11 | ProtectDisc Software GmbH
PunkBuster Services | Even Balance, Inc.
QuickTime | Apple Inc.
Real Highway Mod 4.0 | Das NAM Team
RedMon - Redirection Port Monitor -> unnecessary
SHARKOON STATION
SimCity 4 Deluxe
SpeechRedist | Epic Games Inc.
Street Addon Mod Beta v3 | Das NAM Team
Supreme Ruler 2020 | BattleGoat Studios
Titan Quest | Iron Lore
Titan Quest Immortal Throne | Iron Lore
Toxic Biohazard | Image-Line bvba
Traffic Simulator Configuration Tool
Uniblue RegistryBooster | Uniblue Systems Ltd
Unity Web Player | Unity Technologies ApS
Unreal Tournament 2004
Veetle TV 0.9.18 | Veetle, Inc
VLC media player 1.1.9 | VideoLAN
Windows Live ID Sign-in Assistant | Microsoft Corporation
WinRAR
05.06.2011, 15:53 | #17
/// Malware-holic | OK, that looks good. What problems are still there?
06.06.2011, 16:29 | #18
Apart from both browsers being quite slow and that page constantly opening in Firefox, I'd say nothing else. At least nothing obvious. But I can't tell you for sure either; I don't have much of a clue about this.
06.06.2011, 16:40 | #19
/// Malware-holic | Post new OTL logs.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
06.06.2011, 17:55 | #20
OTL Logfile:
OTL EXTRAS Logfile:

OTL logfile created on: 06.06.2011 18:10:36 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,17% Memory free
4,00 Gb Paging File | 2,51 Gb Available in Paging File | 62,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 50,59 Gb Free Space | 67,87% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 33,27 Gb Free Space | 44,64% Space Free | Partition Type: NTFS
Drive E: | 1,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HASENBEIN | User Name: El Presidente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Programme\opera\opera.exe (Opera Software)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\SHARKOON Technologies GmbH\SHARKOON STATION\Majestic.EXE ()

========== Modules (SafeList) ==========

MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll (Microsoft Corporation)
MOD - D:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - D:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (CPUCooLServer) -- d:\Programme\CPUCooL\CooLSRV.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (IGDCTRL) -- D:\Programme\1&1\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys () DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys () DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.) 
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (MRV6X32P) -- C:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) 
DRV - (UALFDrv2) -- C:\Windows\System32\drivers\UALFDrv2.sys (Sonix) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2220072759-1213370875-1120406951-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2220072759-1213370875-1120406951-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2220072759-1213370875-1120406951-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 2A B1 C8 5E 6C CB 01 [binary data] IE - HKU\S-1-5-21-2220072759-1213370875-1120406951-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search..." 
FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.21 21:58:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.21 21:58:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: d:\Programme\Mozilla Firefox\components [2011.04.30 18:03:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins [2011.04.30 18:03:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: d:\Programme\Mozilla Thunderbird\components [2011.05.18 22:51:04 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: d:\Programme\Mozilla Thunderbird\plugins [2011.03.22 15:48:51 | 000,000,000 | ---D | M] [2010.06.29 17:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\El Presidente\AppData\Roaming\mozilla\Extensions [2010.06.29 17:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\El Presidente\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.03 16:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\El Presidente\AppData\Roaming\mozilla\Firefox\Profiles\y6rlp0zs.default\extensions [2011.04.13 14:02:39 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\El Presidente\AppData\Roaming\mozilla\Firefox\Profiles\y6rlp0zs.default\extensions\battlefieldplay4free@ea.com [2010.07.23 17:21:02 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\El Presidente\AppData\Roaming\mozilla\Firefox\Profiles\y6rlp0zs.default\extensions\eafo3fflauncher@ea.com [2011.05.03 21:01:01 | 000,000,000 | ---D | M] (vShare) -- C:\Users\El Presidente\AppData\Roaming\mozilla\Firefox\Profiles\y6rlp0zs.default\extensions\vshare@toolbar [2011.03.15 21:59:07 | 000,001,583 | ---- | M] () -- C:\Users\El Presidente\AppData\Roaming\Mozilla\Firefox\Profiles\y6rlp0zs.default\searchplugins\web-search.xml File not found (No name found) -- () (No name found) -- C:\USERS\EL PRESIDENTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y6RLP0ZS.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI () (No name found) -- C:\USERS\EL PRESIDENTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y6RLP0ZS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\EL PRESIDENTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y6RLP0ZS.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI () (No name found) -- C:\USERS\EL PRESIDENTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y6RLP0ZS.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI [2010.06.30 16:01:18 | 000,000,000 | 
---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.11.09 12:51:48 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.16 12:30:20 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [SHARKOON STATION] C:\Programme\SHARKOON Technologies GmbH\SHARKOON STATION\Majestic.EXE () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2220072759-1213370875-1120406951-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2220072759-1213370875-1120406951-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.08.17 04:25:45 | 000,000,062 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - D:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.) 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BCSSync - hkey= - key= - D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) MsConfig - StartUpReg: ICQ - hkey= - key= - d:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: 
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe 
C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
========== Files/Folders - Created Within 30 Days ==========
[2011.06.03 16:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.06.03 16:23:44 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.30 21:41:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.30 21:36:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.30 21:04:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.30 21:04:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.30 21:04:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.30 21:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.30 21:02:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.29 22:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.05.29 22:41:13 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.05.29 22:41:10 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011.05.29 22:41:10 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011.05.29 22:41:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.05.29 22:41:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.05.29 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\AppData\Roaming\Malwarebytes
[2011.05.29 21:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.29 21:11:55 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 21:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.29 21:11:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.29 20:44:23 | 000,000,000 | ---D | C] -- C:\backups
[2011.05.29 20:35:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis204.exe
[2011.05.29 17:40:03 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[2011.05.25 07:21:16 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.05.24 10:59:39 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011.05.21 21:59:48 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\AppData\Local\DDMSettings
[2011.05.21 21:58:12 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\AppData\Roaming\DivX
[2011.05.21 21:57:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.05.21 21:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.05.21 21:55:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.05.21 21:53:48 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011.05.21 21:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.05.18 22:27:44 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\FreePDF
[2011.05.18 09:00:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.17 22:13:07 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\AppData\Roaming\Xfire
[2011.05.17 22:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011.05.17 22:05:05 | 000,000,000 | ---D | C] -- C:\Programme\THQ
[2011.05.16 21:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.05.11 21:28:53 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.05.11 21:28:51 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.05.11 21:28:39 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011.05.11 21:28:38 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011.05.08 16:20:48 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\AppData\Local\DFH
[2011.05.08 16:20:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011.05.08 16:20:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011.05.08 16:20:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011.05.07 23:25:23 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\AppData\Roaming\Uniblue
[2011.05.07 23:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.05.07 23:24:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.05.07 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\El Presidente\AppData\Local\PackageAware
========== Files - Modified Within 30 Days ==========
[2011.06.06 14:21:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 14:21:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 14:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.06 12:38:25 | 000,013,654 | ---- | M] () -- C:\Users\El Presidente\Documents\2011-06-06.hrf
[2011.06.03 16:23:47 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.30 11:58:14 | 000,013,657 | ---- | M] () -- C:\Users\El Presidente\Documents\2011-05-30.hrf
[2011.05.29 23:06:38 | 000,691,294 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.29 23:06:38 | 000,647,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.29 23:06:38 | 000,144,892 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.29 23:06:38 | 000,118,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.29 20:35:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis204.exe
[2011.05.29 17:40:03 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.28 21:16:35 | 000,002,621 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011.05.23 14:15:39 | 000,013,665 | ---- | M] () -- C:\Users\El Presidente\Documents\2011-05-23.hrf
[2011.05.21 21:41:56 | 000,029,696 | ---- | M] () -- C:\Windows\System32\mfc100eou.dll
[2011.05.18 09:00:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.17 22:06:39 | 000,000,647 | ---- | M] () -- C:\Users\Public\Desktop\Dark Crusade.lnk
[2011.05.16 13:16:12 | 000,013,199 | ---- | M] () -- C:\Users\El Presidente\Documents\2011-05-16.hrf
[2011.05.09 18:30:51 | 000,013,175 | ---- | M] () -- C:\Users\El Presidente\Documents\2011-05-09.hrf
[2011.05.08 16:20:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys2.bmp
[2011.05.08 16:20:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys1.bmp
[2011.05.08 04:39:51 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.08 04:07:40 | 000,007,600 | ---- | M] () -- C:\Users\El Presidente\AppData\Local\Resmon.ResmonCfg
[2011.05.07 23:25:11 | 000,001,715 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
========== Files Created - No Company Name ==========
[2011.06.06 12:38:25 | 000,013,654 | ---- | C] () -- C:\Users\El Presidente\Documents\2011-06-06.hrf
[2011.06.03 16:23:47 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.30 21:04:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.30 21:04:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.30 21:04:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.30 21:04:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.30 21:04:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.30 11:58:14 | 000,013,657 | ---- | C] () -- C:\Users\El Presidente\Documents\2011-05-30.hrf
[2011.05.29 22:41:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.23 14:11:10 | 000,013,665 | ---- | C] () -- C:\Users\El Presidente\Documents\2011-05-23.hrf
[2011.05.21 21:41:56 | 000,029,696 | ---- | C] () -- C:\Windows\System32\mfc100eou.dll
[2011.05.17 22:06:39 | 000,000,647 | ---- | C] () -- C:\Users\Public\Desktop\Dark Crusade.lnk
[2011.05.16 13:16:12 | 000,013,199 | ---- | C] () -- C:\Users\El Presidente\Documents\2011-05-16.hrf
[2011.05.09 18:30:51 | 000,013,175 | ---- | C] () -- C:\Users\El Presidente\Documents\2011-05-09.hrf
[2011.05.08 16:20:44 | 000,002,621 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2011.05.08 16:20:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys2.bmp
[2011.05.08 16:20:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys1.bmp
[2011.05.07 23:25:33 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.07 23:25:11 | 000,001,715 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.10 09:58:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.03.10 09:58:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.03.08 08:58:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.08 08:57:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.02 20:06:32 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.02.02 20:06:32 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.25 13:05:50 | 000,007,600 | ---- | C] () -- C:\Users\El Presidente\AppData\Local\Resmon.ResmonCfg
[2010.10.16 02:36:45 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.08.31 14:41:57 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2010.08.27 00:48:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 17:25:49 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.23 17:25:47 | 000,138,056 | ---- | C] () -- C:\Users\El Presidente\AppData\Roaming\PnkBstrK.sys
[2010.07.23 17:25:29 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.23 17:25:08 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.07.23 17:25:08 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.30 20:28:55 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.06.30 20:28:55 | 000,000,881 | ---- | C] () -- C:\Windows\unins000.dat
[2010.06.30 16:12:46 | 000,000,068 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.06.30 15:36:34 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe
[2010.06.29 16:48:05 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.06.29 16:48:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.06.29 16:34:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.01.03 20:28:18 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.01.03 20:28:18 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2009.10.16 06:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009.07.14 10:47:43 | 000,691,294 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,144,892 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,409,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,647,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,118,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.24 00:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007.12.04 05:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007.06.07 05:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005.03.08 06:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
========== LOP Check ==========
[2010.08.03 16:11:49 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\DAEMON Tools Lite
[2010.07.05 22:45:45 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\DAEMON Tools Pro
[2010.06.30 20:28:55 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Flatcast
[2011.03.29 16:02:37 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\FRITZ!
[2011.02.15 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\FrostWire
[2011.04.20 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\ICQ
[2010.06.30 16:58:21 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Leadertech
[2010.09.17 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\LG Electronics
[2010.10.27 11:01:18 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Mount&Blade Warband
[2011.01.25 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Need for Speed World
[2011.01.28 15:33:48 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Opera
[2010.09.29 00:48:02 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\ProtectDisc
[2010.11.11 17:26:41 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Sierra
[2010.06.29 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Thunderbird
[2010.08.02 17:48:40 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Tropico 3
[2010.08.25 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\TuneUp Software
[2011.05.07 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Uniblue
[2011.04.15 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Unity
[2011.05.08 04:39:51 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011.04.18 13:41:50 | 000,032,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.03.24 23:31:34 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Adobe
[2010.11.26 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Apple Computer
[2010.06.29 17:26:14 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\ATI
[2010.06.30 16:12:50 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Avira
[2010.08.03 16:11:49 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\DAEMON Tools Lite
[2010.07.05 22:45:45 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\DAEMON Tools Pro
[2011.05.21 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\DivX
[2011.02.28 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Download Manager
[2010.06.30 20:28:55 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Flatcast
[2011.03.29 16:02:37 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\FRITZ!
[2011.02.15 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\FrostWire
[2011.04.20 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\ICQ
[2010.06.29 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Identities
[2010.06.30 15:58:21 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\InstallShield
[2010.06.30 16:58:21 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Leadertech
[2010.09.17 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\LG Electronics
[2010.06.30 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Logitech
[2010.06.29 23:22:28 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Macromedia
[2011.05.29 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Media Center Programs
[2011.05.29 22:51:31 | 000,000,000 | --SD | M] -- C:\Users\El Presidente\AppData\Roaming\Microsoft
[2010.10.27 11:01:18 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Mount&Blade Warband
[2010.06.29 17:01:36 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Mozilla
[2011.01.25 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Need for Speed World
[2011.01.28 15:33:48 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Opera
[2010.09.29 00:48:02 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\ProtectDisc
[2010.11.11 17:26:41 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Sierra
[2010.08.31 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Skype
[2010.08.31 18:57:03 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\skypePM
[2010.06.29 17:08:03 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Thunderbird
[2010.08.02 17:48:40 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Tropico 3
[2010.08.25 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\TuneUp Software
[2011.05.07 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Uniblue
[2011.04.15 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Unity
[2010.09.30 03:13:50 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\vlc
[2010.07.01 20:32:06 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\WinRAR
[2011.05.17 22:13:07 | 000,000,000 | ---D | M] -- C:\Users\El Presidente\AppData\Roaming\Xfire
< %APPDATA%\*.exe /s >
[2011.02.15 19:06:31 | 000,000,000 | ---- | M] () -- C:\Users\El Presidente\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
[2010.10.05 21:35:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\El Presidente\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.02.28 13:48:15 | 000,010,134 | R--- | M] () -- C:\Users\El Presidente\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
[2011.02.24 14:07:18 | 001,004,928 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\El Presidente\AppData\Roaming\Mozilla\Firefox\Profiles\y6rlp0zs.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
< %SYSTEMDRIVE%\*.exe >
[2011.05.29 20:35:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis204.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.07.05 22:41:11 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.11 07:32:36 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
< End of report >
--- --- ---
OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 06.06.2011 18:10:36 - Run 3 OTL by OldTimer - Version 3.2.23.0 Folder = D:\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,17% Memory free 4,00 Gb Paging File | 2,51 Gb Available in Paging File | 62,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 50,59 Gb Free Space | 67,87% Space Free | Partition Type: NTFS Drive D: | 74,53 Gb Total Space | 33,27 Gb Free Space | 44,64% Space Free | Partition Type: NTFS Drive E: | 1,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HASENBEIN | User Name: El Presidente | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2220072759-1213370875-1120406951-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- d:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{11B5E957-FCF2-469D-AB66-963C38134231}" = Bluesoleil2.6.0.1 Release 070402 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24 "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{28728178-FF15-218B-0B63-012692F42C28}" = 
CCC Help Danish "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter "{4F5F2909-4983-4E76-A3AF-B55ABB5E8BF7}_is1" = GTR2 Online Functionality Patch "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition "{946942CB-D078-F33A-A3CD-27E0393507FD}" = 
CCC Help Turkish "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2 "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0 "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E4B012BC-9DC7-4E43-9CED-05B979F10B83}" = SHARKOON STATION "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian 
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALchemy" = Creative ALchemy "ASIO4ALL" = ASIO4ALL "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Columbus Tree Mod" = Columbus Tree Mod 1.0 deutsch "CPUCooL" = CPUCooL (remove only) "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster "DivX Setup.divx.com" = DivX-Setup "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "FL Studio 8" = FL Studio 8 "Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 9.01" = GPL Ghostscript 9.01 "Hattrick Organizer" = Hattrick Organizer (remove only) "IL Download Manager" = IL Download Manager "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "Network Addon Mod" = Network Addon Mod Version 
Mai 2010 deutsch "Network Widening Mod" = Network Widening Mod 1.0 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 11.11.2109" = Opera 11.11 "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "PoiZone" = PoiZone "PokerStars.net" = PokerStars.net "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Real Highway Mod" = Real Highway Mod 4.0 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Street Addon Mod" = Street Addon Mod Beta v3 "Supreme Ruler 2020_is1" = Supreme Ruler 2020 "Toxic Biohazard" = Toxic Biohazard "Uniblue RegistryBooster" = Uniblue RegistryBooster "UT2004" = Unreal Tournament 2004 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.9 "WaveStudio 7" = Creative WaveStudio 7 "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2220072759-1213370875-1120406951-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "Traffic Simulator Configuration Tool" = Traffic Simulator Configuration Tool "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
06.06.2011, 18:10 | #21
/// Malware-holic | Website opens automatically

http://www.trojaner-board.de/59299-a...eb-cureit.html

Use CureIT in normal mode and close all programs. Post the contents of the CSV file, i.e. the results. The quick scan is enough for now.