Dr_Schuetz | 30.03.2013 21:56 | Windows XP starts slowly, Yahoo account sent spam mails
Hi, I've been having problems with my PC for a few days.
It started with e-mails being sent from my Yahoo account to my contacts. After I deleted my contacts and changed my password, that stopped, but since then my computer boots extremely slowly. The PC also responds very slowly to normal actions such as opening folders.
I have already tried several things and hope I haven't made it worse.
Among other things, I ran TDSSKiller, adwCleaner and also ComboFix after reading about it in an English forum (hxxp://forums.whatthetech.com/index.php?showtopic=124859&st=0&p=804933&#entry804933). Only here did I see that one apparently shouldn't run it without instructions.
I'll post the latest logs from Malwarebytes Anti-Malware, OTL and Gmer. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.29.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hulkster :: MASTER-C985A3BE [Administrator]
29.03.2013 21:05:55
mbam-log-2013-03-29 (21-05-55).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 294752
Laufzeit: 2 Stunde(n), 1 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) Code:
OTL logfile created on: 30.03.2013 10:12:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Hulkster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 79,18% Memory free
5,09 Gb Paging File | 4,45 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 30,36 Gb Free Space | 62,18% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 97,59 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 785,02 Gb Total Space | 264,75 Gb Free Space | 33,73% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 619,47 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
Computer Name: MASTER-C985A3BE | User Name: Hulkster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.30 10:11:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hulkster\Desktop\OTL.exe
PRC - [2013.03.15 06:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.08 08:53:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.03.06 23:03:06 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.11.29 10:32:16 | 002,086,984 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
PRC - [2012.08.08 20:11:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 12:30:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 12:30:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 12:30:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- E:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.05.04 18:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.04.14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2007.12.14 16:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- E:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007.01.11 20:16:46 | 000,749,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Sitecom WL-168 Wireless LAN Driver and Utility\RtWLan.exe
PRC - [2005.09.29 17:39:06 | 001,318,912 | ---- | M] () -- C:\Program Files\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZyXEL_G-220_GUI.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.15 06:47:17 | 000,357,224 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2013.03.08 08:53:49 | 003,069,848 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.05.08 12:30:28 | 000,398,288 | ---- | M] () -- E:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- E:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009.12.12 14:12:03 | 000,141,824 | ---- | M] () -- E:\Program Files\WinRAR\RarExt.dll
MOD - [2008.04.14 10:00:00 | 000,014,336 | ---- | M] () -- C:\WINXP\system32\msdmo.dll
MOD - [2006.10.26 21:30:12 | 000,131,072 | ---- | M] () -- C:\Program Files\Sitecom WL-168 Wireless LAN Driver and Utility\EnumDevLib.dll
MOD - [2005.09.29 17:39:06 | 001,318,912 | ---- | M] () -- C:\Program Files\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZyXEL_G-220_GUI.exe
MOD - [2005.07.20 03:53:04 | 000,966,765 | ---- | M] () -- C:\Program Files\Sitecom WL-168 Wireless LAN Driver and Utility\acAuth.dll
MOD - [2004.11.16 19:33:28 | 000,040,960 | ---- | M] () -- C:\Program Files\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZDWlan.dll
MOD - [2004.11.03 22:14:18 | 000,036,867 | ---- | M] () -- C:\Program Files\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZySecurity.dll
MOD - [2004.05.11 19:38:46 | 002,981,977 | ---- | M] () -- C:\Program Files\ZyXEL Communications Corporation\ZyXEL G-220 Utility\odSupp_M.dll
MOD - [2003.08.13 12:28:02 | 000,040,960 | ---- | M] () -- C:\Program Files\ZyXEL Communications Corporation\ZyXEL G-220 Utility\PassAPP.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.03.15 06:47:17 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.08 08:53:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 23:03:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 12:30:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 12:30:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.04 16:37:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.08.04 16:37:37 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- E:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005.03.09 20:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Disabled | Stopped] -- C:\WINXP\system32\libusbd-nt.exe -- (libusbd)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Hulkster\LOCALS~1\Temp\fwtcqpob.sys -- (fwtcqpob)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Hulkster\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (ASPI32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\1jw1.sys -- (1jw1.sys)
DRV - [2012.12.21 13:54:00 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2012.12.21 13:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012.12.19 06:41:55 | 000,128,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012.05.08 12:30:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 12:30:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.31 00:19:51 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2012.01.31 00:19:51 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.05 19:33:45 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.09.05 19:33:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.08.05 17:24:26 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINXP\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.04.07 10:03:24 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.02.18 05:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.08 11:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.02.08 11:15:44 | 005,860,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010.01.22 11:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.01.22 11:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.12.22 01:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINXP\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007.04.16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.01.11 18:20:06 | 000,194,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\rtl8187.sys -- (RTLWUSB)
DRV - [2005.08.16 14:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyXEL)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004.01.14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINXP\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: E:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2013.03.08 08:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2013.03.29 15:43:15 | 000,000,000 | ---D | M]
[2011.10.02 09:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hulkster\Application Data\Mozilla\Extensions
[2013.02.18 00:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hulkster\Application Data\Mozilla\Firefox\Profiles\zlr4goev.default\extensions
[2013.02.18 00:22:41 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Hulkster\Application Data\Mozilla\Firefox\Profiles\zlr4goev.default\extensions\foxyproxy@eric.h.jung
[2013.02.14 13:24:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Hulkster\Application Data\Mozilla\Firefox\Profiles\zlr4goev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O1 HOSTS File: ([2013.03.29 14:40:56 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINXP\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EaseUS EPM tray] E:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SideWinderTrayV4] E:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSTray] E:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sitecom WL-168 Wireless LAN Utility.lnk = C:\Program Files\Sitecom WL-168 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-220 Utility GUI.lnk = C:\Program Files\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZyXEL_G-220_GUI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050DC5DA-4EC9-432B-BD6F-1EB6458A168E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2A49836-571F-4D97-BC84-6EB7F1C13669}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hulkster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hulkster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.04 16:15:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.30 10:11:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hulkster\Desktop\OTL.exe
[2013.03.30 02:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hulkster\Application Data\Skype
[2013.03.30 02:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013.03.30 02:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.30 02:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2013.03.29 17:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.03.29 17:29:37 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINXP\System32\OpenCL.dll
[2013.03.29 16:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.03.29 14:27:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.03.29 14:25:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe
[2013.03.29 14:25:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe
[2013.03.29 14:25:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe
[2013.03.29 14:25:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe
[2013.03.29 14:24:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.29 14:24:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Hulkster\Start Menu\Programs\Administrative Tools
[2013.03.29 14:24:12 | 000,000,000 | ---D | C] -- C:\WINXP\erdnt
[2013.03.29 14:22:09 | 005,044,813 | R--- | C] (Swearware) -- C:\Documents and Settings\Hulkster\Desktop\ComboFix.exe
[2013.03.29 14:05:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.29 14:03:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hulkster\Desktop\TDSSKiller.exe
[2013.03.29 13:56:49 | 000,000,000 | ---D | C] -- C:\WINXP\ERUNT
[2013.03.29 13:56:38 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.03 23:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KaraFun Player
[2013.03.03 23:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Recisio
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.30 10:11:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hulkster\Desktop\OTL.exe
[2013.03.30 10:10:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Hulkster\defogger_reenable
[2013.03.30 10:09:06 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Hulkster\Desktop\Defogger.exe
[2013.03.30 10:06:51 | 000,001,316 | ---- | M] () -- C:\WINXP\System32\nvAppTimestamps
[2013.03.30 09:48:58 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2013.03.30 09:42:48 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2013.03.30 02:05:56 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.03.29 17:29:34 | 001,083,296 | ---- | M] () -- C:\WINXP\System32\nvdrsdb0.bin
[2013.03.29 17:29:34 | 000,000,001 | ---- | M] () -- C:\WINXP\System32\nvdrssel.bin
[2013.03.29 17:29:28 | 001,083,296 | ---- | M] () -- C:\WINXP\System32\nvdrsdb1.bin
[2013.03.29 17:29:27 | 000,000,000 | ---- | M] () -- C:\WINXP\System32\nvdrswr.lk
[2013.03.29 16:17:31 | 000,494,098 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2013.03.29 16:17:31 | 000,084,462 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2013.03.29 15:58:26 | 000,000,335 | RHS- | M] () -- C:\boot.ini
[2013.03.29 15:02:25 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.29 14:40:56 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2013.03.29 14:23:03 | 005,044,813 | R--- | M] (Swearware) -- C:\Documents and Settings\Hulkster\Desktop\ComboFix.exe
[2013.03.28 09:30:20 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Hulkster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.28 08:57:17 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Hulkster\Desktop\AdwCleaner.exe
[2013.03.15 08:40:59 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2013.03.15 06:47:17 | 002,288,632 | ---- | M] () -- C:\WINXP\System32\nvdata.data
[2013.03.15 06:47:17 | 000,065,536 | ---- | M] (Khronos Group) -- C:\WINXP\System32\OpenCL.dll
[2013.03.15 06:47:17 | 000,016,514 | ---- | M] () -- C:\WINXP\System32\nvinfo.pb
[2013.03.03 23:29:52 | 000,000,557 | ---- | M] () -- C:\Documents and Settings\Hulkster\Desktop\KaraFun Player.lnk
[2013.03.01 00:35:22 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.30 10:10:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hulkster\defogger_reenable
[2013.03.30 10:09:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Hulkster\Desktop\Defogger.exe
[2013.03.30 02:05:56 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.03.29 17:48:21 | 000,001,316 | ---- | C] () -- C:\WINXP\System32\nvAppTimestamps
[2013.03.29 17:29:28 | 001,083,296 | ---- | C] () -- C:\WINXP\System32\nvdrsdb0.bin
[2013.03.29 17:29:27 | 001,083,296 | ---- | C] () -- C:\WINXP\System32\nvdrsdb1.bin
[2013.03.29 17:29:27 | 000,000,001 | ---- | C] () -- C:\WINXP\System32\nvdrssel.bin
[2013.03.29 17:29:27 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\nvdrswr.lk
[2013.03.29 17:24:59 | 000,016,514 | ---- | C] () -- C:\WINXP\System32\nvinfo.pb
[2013.03.29 17:24:57 | 002,288,632 | ---- | C] () -- C:\WINXP\System32\nvdata.data
[2013.03.29 14:27:12 | 000,000,219 | ---- | C] () -- C:\Boot.bak
[2013.03.29 14:27:05 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.03.29 14:25:02 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe
[2013.03.29 14:25:02 | 000,208,896 | ---- | C] () -- C:\WINXP\MBR.exe
[2013.03.29 14:25:02 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe
[2013.03.29 14:25:02 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe
[2013.03.29 14:25:02 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe
[2013.03.28 08:57:13 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Hulkster\Desktop\AdwCleaner.exe
[2013.03.03 23:29:52 | 000,000,557 | ---- | C] () -- C:\Documents and Settings\Hulkster\Desktop\KaraFun Player.lnk
[2013.02.24 13:47:42 | 002,468,520 | ---- | C] () -- C:\WINXP\System32\BootMan.exe
[2013.02.24 13:47:42 | 000,087,112 | ---- | C] () -- C:\WINXP\System32\setupempdrv03.exe
[2013.02.24 13:47:42 | 000,019,840 | ---- | C] () -- C:\WINXP\System32\EuEpmGdi.dll
[2013.02.24 13:47:42 | 000,013,896 | ---- | C] () -- C:\WINXP\System32\epmntdrv.sys
[2013.02.24 13:47:42 | 000,009,160 | ---- | C] () -- C:\WINXP\System32\EuGdiDrv.sys
[2012.09.17 13:55:19 | 000,000,548 | ---- | C] () -- C:\WINXP\eReg.dat
[2012.04.18 22:07:38 | 000,755,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-839522115-1547161642-725345543-1003-0.dat
[2012.04.18 22:07:38 | 000,152,090 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012.03.29 13:32:02 | 000,000,065 | ---- | C] () -- C:\WINXP\FISHUI.INI
[2012.03.29 07:58:02 | 000,921,600 | ---- | C] () -- C:\WINXP\System32\vorbisenc.dll
[2012.03.29 07:58:02 | 000,237,568 | ---- | C] () -- C:\WINXP\System32\OggDS.dll
[2012.03.29 07:58:02 | 000,188,416 | ---- | C] () -- C:\WINXP\System32\vorbis.dll
[2012.03.29 07:58:02 | 000,045,056 | ---- | C] () -- C:\WINXP\System32\Ogg.dll
[2012.03.05 23:34:38 | 000,003,230 | ---- | C] () -- C:\Documents and Settings\Hulkster\Application Data\glide_wrapper.zbag.ini
[2012.02.08 01:55:23 | 000,000,032 | ---- | C] () -- C:\WINXP\Sierra.ini
[2012.02.03 14:06:04 | 000,036,352 | ---- | C] () -- C:\WINXP\System32\uninst_Zyxel.exe
[2012.02.03 14:06:04 | 000,028,672 | ---- | C] () -- C:\WINXP\System32\InsDrvZD.dll
[2012.02.03 14:06:04 | 000,024,576 | ---- | C] () -- C:\WINXP\System32\ZyDelReg.exe
[2012.02.03 14:06:04 | 000,015,872 | ---- | C] () -- C:\WINXP\System32\InsDrvZD64.dll
[2012.01.31 00:19:51 | 000,162,432 | ---- | C] () -- C:\WINXP\System32\drivers\ithsgt.sys
[2012.01.31 00:19:51 | 000,012,032 | ---- | C] () -- C:\WINXP\System32\drivers\lilsgt.sys
[2012.01.20 22:48:36 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Hulkster\Local Settings\Application Data\WebpageIcons.db
[2012.01.19 23:35:23 | 000,068,608 | ---- | C] () -- C:\WINXP\System32\Iforce2.dll
[2012.01.03 19:23:19 | 000,005,504 | ---- | C] () -- C:\WINXP\System32\drivers\StarOpen.sys
[2011.12.27 22:02:18 | 000,033,792 | ---- | C] () -- C:\WINXP\System32\drivers\libusb0.sys
[2011.10.28 13:57:13 | 001,477,118 | ---- | C] () -- C:\Documents and Settings\Hulkster\PATCH.RTP
[2011.10.28 13:57:13 | 000,060,388 | ---- | C] () -- C:\Documents and Settings\Hulkster\PATCH.EXE
[2011.10.02 08:58:01 | 000,013,931 | ---- | C] () -- C:\WINXP\System32\RaCoInst.dat
[2011.09.05 19:33:45 | 000,281,760 | ---- | C] () -- C:\WINXP\System32\drivers\atksgt.sys
[2011.09.05 19:33:44 | 000,025,888 | ---- | C] () -- C:\WINXP\System32\drivers\lirsgt.sys
[2011.08.31 19:46:31 | 000,000,032 | ---- | C] () -- C:\WINXP\CD_Start.INI
[2011.08.29 15:09:57 | 000,354,816 | ---- | C] () -- C:\WINXP\System32\psisdecd.dll
[2011.08.29 11:32:12 | 000,022,328 | ---- | C] () -- C:\WINXP\System32\drivers\PnkBstrK.sys
[2011.08.29 11:32:12 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Hulkster\Application Data\PnkBstrK.sys
[2011.08.29 11:31:57 | 000,103,736 | ---- | C] () -- C:\WINXP\System32\PnkBstrB.exe
[2011.08.29 11:31:56 | 000,669,184 | ---- | C] () -- C:\WINXP\System32\pbsvc.exe
[2011.08.29 11:31:56 | 000,066,872 | ---- | C] () -- C:\WINXP\System32\PnkBstrA.exe
[2011.08.16 16:19:38 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Hulkster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.05 13:44:20 | 000,069,632 | R--- | C] () -- C:\WINXP\System32\xmltok.dll
[2011.08.05 13:44:20 | 000,036,864 | R--- | C] () -- C:\WINXP\System32\xmlparse.dll
[2011.08.04 18:05:12 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011.08.04 18:03:54 | 000,141,240 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2011.08.04 16:44:23 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011.08.04 16:38:17 | 000,011,323 | R--- | C] () -- C:\WINXP\System32\CTSBAMB.INI
[2011.08.04 16:37:37 | 000,014,040 | ---- | C] () -- C:\WINXP\System32\CiFilter.ini
[2011.08.04 16:37:37 | 000,005,288 | ---- | C] () -- C:\WINXP\xFi_MiddleLayerKey32.ini
[2011.08.04 16:37:01 | 000,172,544 | ---- | C] () -- C:\WINXP\System32\AMBSPI.DLL
[2011.08.04 16:33:27 | 000,080,416 | R--- | C] () -- C:\WINXP\System32\RtNicProp32.dll
[2011.08.04 16:17:51 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011.08.04 16:12:47 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011.04.07 10:03:28 | 000,057,344 | ---- | C] () -- C:\WINXP\System32\issacapi_se-2.3.dll
[2011.04.07 10:03:28 | 000,030,568 | ---- | C] () -- C:\WINXP\MusiccityDownload.exe
[2011.04.07 10:03:26 | 000,974,848 | ---- | C] () -- C:\WINXP\System32\cis-2.4.dll
[2011.04.07 10:03:26 | 000,081,920 | ---- | C] () -- C:\WINXP\System32\issacapi_bs-2.3.dll
[2011.04.07 10:03:26 | 000,065,536 | ---- | C] () -- C:\WINXP\System32\issacapi_pe-2.3.dll
========== ZeroAccess Check ==========
[2011.08.04 16:30:32 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.04.12 19:46:48 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.09.16 14:11:04 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 10:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.01.04 23:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012.01.27 00:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aspyr
[2012.01.03 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012.01.28 23:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2011.08.05 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011.08.31 19:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2012.10.04 19:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2013.03.03 23:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2012.04.18 21:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012.06.13 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011.10.02 08:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sitecom Driver
[2011.12.18 17:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.11.28 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\.minecraft
[2013.02.23 18:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\Amazon
[2012.01.04 23:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\Ashampoo
[2012.01.03 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\Canneverbe Limited
[2011.08.16 16:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\DAEMON Tools Lite
[2012.03.29 07:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\DataCast
[2012.11.27 20:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\ICQ
[2011.10.30 13:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\OpenOffice.org
[2012.06.10 21:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\Oracle
[2012.04.18 21:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\Samsung
[2012.11.06 23:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\Sports Interactive
[2011.09.05 21:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\Ubisoft
[2011.12.08 14:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\UltraMixer
[2012.01.08 21:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hulkster\Application Data\uTorrent
========== Purity Check ==========
< End of report >

Code:
OTL Extras logfile created on: 30.03.2013 10:12:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Hulkster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 79,18% Memory free
5,09 Gb Paging File | 4,45 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 30,36 Gb Free Space | 62,18% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 97,59 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 785,02 Gb Total Space | 264,75 Gb Free Space | 33,73% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 619,47 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
Computer Name: MASTER-C985A3BE | User Name: Hulkster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"E:\Program Files\Veetle\Player\VeetleNet.exe" = E:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"E:\Program Files\ICQ7.7\ICQ.exe" = E:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe" = E:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry -- (Crytek)
"E:\Program Files\StarCraft II\StarCraft II.exe" = E:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = E:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"E:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe" = E:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.)
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"E:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = E:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)
"E:\Program Files\KONAMI\Pro Evolution Soccer 2012\pes2012.exe" = E:\Program Files\KONAMI\Pro Evolution Soccer 2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"E:\Program Files\Fifa 12\Game\fifa.exe" = E:\Program Files\Fifa 12\Game\fifa.exe:*:Enabled:FIFA 12 -- (Electronic Arts)
"E:\Program Files\Steam\Steam.exe" = E:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Program Files\Veetle\Player\VeetleNet.exe" = E:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Program Files\Microsoft Games\Age of Empires II\empires2.exe" = E:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\ICQ7.7\ICQ.exe" = E:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)
"E:\Program Files\Steam\SteamApps\common\football manager 2012 resource archiver\Resource Archiver.exe" = E:\Program Files\Steam\SteamApps\common\football manager 2012 resource archiver\Resource Archiver.exe:*:Enabled:Football Manager 2012 Resource Archiver -- (Sports Interactive)
"E:\Program Files\Ritual Entertainment\Heavy Metal - FAKK2\fakk2.exe" = E:\Program Files\Ritual Entertainment\Heavy Metal - FAKK2\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2 -- (Ritual Entertainment)
"E:\Program Files\SopCast\SopCast.exe" = E:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"E:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = E:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
"C:\WINXP\system32\PnkBstrA.exe" = C:\WINXP\system32\PnkBstrA.exe:*:Disabled:PnkBstrA -- ()
"C:\WINXP\system32\PnkBstrB.exe" = C:\WINXP\system32\PnkBstrB.exe:*:Disabled:PnkBstrB -- ()
"E:\Program Files\Steam\SteamApps\common\football manager 2012 editor\editor.exe" = E:\Program Files\Steam\SteamApps\common\football manager 2012 editor\editor.exe:*:Enabled:Football Manager 2012 Editor -- (Sports Interactive)
"E:\Program Files\Steam\SteamApps\common\football manager 2012\fm.exe" = E:\Program Files\Steam\SteamApps\common\football manager 2012\fm.exe:*:Enabled:Football Manager 2012 -- (Sports Interactive)
"C:\WINXP\system32\muzapp.exe" = C:\WINXP\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"E:\Program Files\KONAMI\Pro Evolution Soccer 2013\pes2013.exe" = E:\Program Files\KONAMI\Pro Evolution Soccer 2013\pes2013.exe:*:Enabled:Pro Evolution Soccer 2013 -- (Konami Digital Entertainment Co., Ltd.)
"E:\Program Files\Steam\SteamApps\common\Football Manager 2013 Editor\editor.exe" = E:\Program Files\Steam\SteamApps\common\Football Manager 2013 Editor\editor.exe:*:Enabled:Football Manager 2013 Editor -- (Sports Interactive)
"E:\Program Files\Steam\SteamApps\common\Football Manager 2013\fm.exe" = E:\Program Files\Steam\SteamApps\common\Football Manager 2013\fm.exe:*:Enabled:Football Manager 2013 -- (Sports Interactive)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"E:\Program Files\Skype\Phone\Skype.exe" = E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Sudden Strike - Additional Missions"" = "Sudden Strike - Additional Missions"
""Sudden Strike - Release 1.0"" = "Sudden Strike - Release 1.0"
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0201523C-9CB1-4DD8-ACF4-DA98B20C6968}" = simtrain's Arosa Bahn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AADA188-3C12-4FDB-8CB5-65D9F76D81CD}" = MtfSE
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2AEB2EFA-477F-4F3F-9864-356AC2141F45}" = aerosoft's - Berliner S-Bahn Teil 1
"{32E2F180-247C-4077-B06A-20F9868568E1}_is1" = UltraMixer 3.0.2.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CABD32F-1045-41E2-8670-8E44623F50F9}" = simtrain's simtrain's - Bernina Express
"{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}" = Top Spin 2
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EAD1707-B610-47F2-9314-81EE32B96E4A}" = ZyXEL G-220 802.11g Wireless LAN
"{50795E20-2B69-11D6-B782-00A0CC7B9044}" = TGV Pack
"{5155EC96-7397-FCC0-154C-F4814DA6B86C}" = ATI Catalyst Install Manager
"{54574967-9FEF-4C6C-AD9F-1D55FDB3AE4B}" = aerosoft's - London Brighton Express
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5CCAB9B6-EAF3-4295-A7DF-740D926447FB}" = Sitecom WL-168 Wireless LAN Driver and Utility
"{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE}" = F1 Challenge 99-02
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E309767-4214-4A04-AB88-FE86155FC151}" = Race Driver
"{91A8649F-C95B-4A69-A453-1F5F694EA437}" = MtfSE
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9B39004-8748-435E-A4C2-BE983B4C737B}" = Heavy Metal - FAKK2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C52D81A4-61FA-4B1A-A775-3D5AFC24B29A}" = USDigital DiscStudio
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4DAA1DD-22C8-4B73-B942-88537BA4BBF3}" = aerosoft's - Brighton-Portsmouth
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E39734F7-0ADF-4250-BF2A-ED625A5565A4}" = Pro Evolution Soccer 2012 DEMO2
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F200693E-3746-4CAF-B38B-AD760AC08555}" = ProTrain - Romatisches Rheintal
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F3EE028B-E030-48C8-8865-C6EE43162672}" = MtfSE300
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F912EF57-65C8-48E8-911F-7FCAF8ADD62E}" = Wireless Network 300N Adapter
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"All To MP3 Converter_is1" = All To MP3 Converter version 3.2.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ArmA" = ArmA Uninstall
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.3
"ASRock IES_is1" = ASRock IES v2.0.84
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 4.1.9.95
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blitzkrieg" = Blitzkrieg
"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.8.0.0
"CDisplay_is1" = CDisplay 1.8
"Ceville" = Ceville 1.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition
"EAX Unified" = EAX Unified
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fallout" = Fallout
"Fallout 2" = Fallout 2
"Fallout New Vegas_is1" = Fallout New Vegas
"Fallout Tactics" = Fallout Tactics
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"FM Genie Scout 12_is1" = FM Genie Scout 12 version 1.1
"Football Manager 2011" = Football Manager 2011
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"GlidewrapZbag" = zeckensack's Glide wrapper (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hearts of Iron III DLC pack" = Hearts of Iron III DLC pack
"Hearts of Iron III Sprite Packs" = Hearts of Iron III Sprite Packs
"Hitman - Codename 47" = Hitman - Codename 47
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8E309767-4214-4A04-AB88-FE86155FC151}" = Race Driver
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"IrfanView" = IrfanView (remove only)
"KaraFun Player_is1" = KaraFun Player
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Operation Flashpoint" = Operation Flashpoint uninstall
"Operation Flashpoint Gold Upgrade" = Operation Flashpoint Gold Upgrade uninstall
"ProTrain 10 Aachen - Köln 1.0" = ProTrain 10 Aachen - Köln 1.0
"ProTrain 2 2.0" = ProTrain 2 2.0
"ProTrain 3 3.0" = ProTrain 3 3.0
"ProTrain 4 Hamburg-Berlin 4.0" = ProTrain 4 Hamburg-Berlin 4.0
"ProTrain 8 - Update auf Version 1.1 1.1" = ProTrain 8 - Update auf Version 1.1 1.1
"ProTrain 8 Hannover-Berlin 1.0" = ProTrain 8 Hannover-Berlin 1.0
"ProTrain Karwendelbahn 1.0" = ProTrain Karwendelbahn 1.0
"ProTrain Rasender Roland 1.0" = ProTrain Rasender Roland 1.0
"ProTrain Vogelfluglinie 1.0" = ProTrain Vogelfluglinie 1.0
"PunkBusterSvc" = PunkBuster Services
"ratDVD" = ratDVD 0.78.1444
"Security Task Manager" = Security Task Manager 1.8d
"Semper Fi_is1" = Semper Fi 1.0
"SopCast" = SopCast 3.4.7
"StarCraft II" = StarCraft II
"Steam App 207890" = Football Manager 2013
"Steam App 220600" = Football Manager 2013 Editor
"Steam App 71270" = Football Manager 2012
"Steam App 71400" = Football Manager 2012 Editor
"Steam App 71410" = Football Manager 2012 Resource Archiver
"StreamTorrent 1.0" = StreamTorrent 1.0
"TEW2005" = TEW2005
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store V3.2" = Train Store V3.2
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Joint Strike Fighter" = Joint Strike Fighter
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.03.2013 20:02:27 | Computer Name = MASTER-C985A3BE | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 13.3.2.26759, faulting module
fm.exe, version 13.3.2.26759, fault address 0x014dc250.
Error - 24.03.2013 07:31:25 | Computer Name = MASTER-C985A3BE | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 13.3.2.26759, faulting module
fm.exe, version 13.3.2.26759, fault address 0x014dc250.
Error - 24.03.2013 09:35:41 | Computer Name = MASTER-C985A3BE | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 13.3.2.26759, faulting module
fm.exe, version 13.3.2.26759, fault address 0x014dc250.
Error - 26.03.2013 06:27:44 | Computer Name = MASTER-C985A3BE | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 13.3.2.26759, faulting module
fm.exe, version 13.3.2.26759, fault address 0x014dc250.
Error - 27.03.2013 06:27:11 | Computer Name = MASTER-C985A3BE | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 13.3.2.26759, faulting module
fm.exe, version 13.3.2.26759, fault address 0x014dc250.
Error - 29.03.2013 11:14:41 | Computer Name = MASTER-C985A3BE | Source = Creative Labs SC | ID = 101
Description =
Error - 29.03.2013 12:01:19 | Computer Name = MASTER-C985A3BE | Source = Creative Labs SC | ID = 101
Description =
Error - 29.03.2013 12:47:32 | Computer Name = MASTER-C985A3BE | Source = Creative Labs SC | ID = 101
Description =
Error - 29.03.2013 15:28:44 | Computer Name = MASTER-C985A3BE | Source = Creative Labs SC | ID = 101
Description =
Error - 30.03.2013 04:48:46 | Computer Name = MASTER-C985A3BE | Source = Creative Labs SC | ID = 101
Description =
[ System Events ]
Error - 29.03.2013 12:02:38 | Computer Name = MASTER-C985A3BE | Source = System Error | ID = 1003
Description = Error code 100000ea, parameter1 8a1f7798, parameter2 8ac28d80, parameter3
aba3ccbc, parameter4 00000001.
Error - 29.03.2013 12:47:03 | Computer Name = MASTER-C985A3BE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.
Error - 29.03.2013 14:46:33 | Computer Name = MASTER-C985A3BE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.
Error - 29.03.2013 14:47:36 | Computer Name = MASTER-C985A3BE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.
Error - 29.03.2013 14:52:19 | Computer Name = MASTER-C985A3BE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.
Error - 29.03.2013 14:52:26 | Computer Name = MASTER-C985A3BE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.
Error - 29.03.2013 14:52:39 | Computer Name = MASTER-C985A3BE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.
Error - 29.03.2013 14:53:52 | Computer Name = MASTER-C985A3BE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.
Error - 29.03.2013 15:28:34 | Computer Name = MASTER-C985A3BE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.
Error - 30.03.2013 04:47:26 | Computer Name = MASTER-C985A3BE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.
< End of report > Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 21:08:04
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 ST31000524AS rev.JC45 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\DOCUME~1\Hulkster\LOCALS~1\Temp\fwtcqpob.sys
---- System - GMER 2.1 ----
SSDT B878A664 ZwClose
SSDT B878A61E ZwCreateKey
SSDT B878A66E ZwCreateSection
SSDT B878A614 ZwCreateThread
SSDT B878A623 ZwDeleteKey
SSDT B878A62D ZwDeleteValueKey
SSDT B878A65F ZwDuplicateObject
SSDT B878A632 ZwLoadKey
SSDT \??\C:\WINXP\system32\drivers\mbamchameleon.sys ZwOpenProcess [0x9E4B3C4C]
SSDT \??\C:\WINXP\system32\drivers\mbamchameleon.sys ZwOpenThread [0x9E4B3D3C]
SSDT B878A687 ZwQueryValueKey
SSDT B878A63C ZwReplaceKey
SSDT B878A678 ZwRequestWaitReplyPort
SSDT B878A637 ZwRestoreKey
SSDT B878A673 ZwSetContextThread
SSDT B878A67D ZwSetSecurityObject
SSDT B878A628 ZwSetValueKey
SSDT B878A682 ZwSystemDebugControl
SSDT B878A60F ZwTerminateProcess
Code \??\C:\DOCUME~1\Hulkster\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code \??\C:\WINXP\system32\drivers\mbamchameleon.sys KeInsertQueueApc
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeInsertQueueApc 804FC4E6 5 Bytes JMP 9E4B6050 \??\C:\WINXP\system32\drivers\mbamchameleon.sys
.text C:\WINXP\system32\DRIVERS\nv4_mini.sys section is writeable [0xB30F23C0, 0x70A9FA, 0xE8000020]
init C:\WINXP\system32\drivers\Ambfilt.sys entry point in "init" section [0xADC66C30]
.text C:\WINXP\system32\DRIVERS\atksgt.sys section is writeable [0xA0A1B300, 0x3B6D8, 0xE8000020]
.text C:\WINXP\system32\DRIVERS\ithsgt.sys section is writeable [0xA092B300, 0x21770, 0xE8000020]
.text C:\WINXP\system32\DRIVERS\lirsgt.sys section is writeable [0xB8468300, 0x1BEE, 0xE8000020]
? C:\WINXP\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Hulkster\LOCALS~1\Temp\catchme.sys The system cannot find the path specified. !
---- Devices - GMER 2.1 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Dev_ffffffff8aede940 89C99864
Device \Driver\atapi \Device\Dev_ffffffff8aede940 89C9C6F2
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\usbstor -> DriverStartIo \Device\Dev_ffffffff8ae82cc8 89B47F26
Device \Driver\usbstor \Device\Dev_ffffffff8ae82cc8 89B4B218
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
---- Modules - GMER 2.1 ----
Module (noname) (*** hidden *** ) 89C92000-89CA9900 (96512 bytes)
Module (noname) (*** hidden *** ) 89B46000-89B4C700 (26368 bytes)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{8C3F6812-E5DF-48CB-855B-8338D648A792}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{BD8DC72F-20E1-47D8-90A2-97DB30101110}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50074c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50074c@fcc7343033e9 0x75 0x11 0x2F 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{8C3F6812-E5DF-48CB-855B-8338D648A792}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{BD8DC72F-20E1-47D8-90A2-97DB30101110}\0000@D3D_\x3332\x3331 2089309684
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd50074c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd50074c@fcc7343033e9 0x75 0x11 0x2F 0x45 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 1953504003 !
---- EOF - GMER 2.1 ----