First an ad bomb, now a virus spreader via ICQ.
#0
31.05.2010, 19:31
Member
Posts: 32
31.05.2010, 19:46
Member
Posts: 3716
31.05.2010, 21:31
Member
Thread starter, Posts: 32
#3
1. An ICQ message window opens by itself and sends this message (the virus is hidden in the link) to my "friends": "wie findest du mein neues foto so
** hxxp://www.popcorn.ma/img431.imageshack.us.php?image=ICH0737830249202010.JPG" (German for "what do you think of my new photo")

2. I ran Disk Cleanup.

3.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4159
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.05.2010 20:41:05
mbam-log-2010-05-31 (20-41-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120171
Laufzeit: 6 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.

4.
5.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:25:44, on 31.05.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hardcopy\hardcopy.exe C:\Users\Public\winnsvc.exe D:\Program Files (x86)\Opera\opera.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe D:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - 
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe O4 - Global Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context 
menu item: Free YouTube Download - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 6995 bytes 6. Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.2 - Deutsch Alarm für Cobra 11 - Nitro (remove only) ASIO4ALL Avira AntiVir Personal - Free Antivirus Crysis(R) Disk Doctors File Shredder 1.0.0 DivX-Setup Firebird SQL Server - MAGIX Edition FL Studio 9 Free Audio CD Burner version 1.2 Free YouTube Download 2.4 Free YouTube to MP3 Converter version 3.3 Hardcopy (C:\Program Files\Hardcopy) Hardcore Hercules DJ Products Series drivers HiJackThis ICQ7.1 IL Download Manager IrfanView (remove only) Junk Mail filter update Loadstreet Fresh RAM 5.0 MAGIX Music Maker 16 Download-Version MAGIX Screenshare MAGIX Speed burnR Malwarebytes' Anti-Malware maxdome - Online Videothek Version 3.1.0 Microsoft Choice Guard Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service 
Pack 2 (SP2) Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MSI Afterburner 1.5.1 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 Essentials NVIDIA Display Control Panel NVIDIA Drivers Opera 10.53 Orbit Downloader PhotoScape PlayReady PC Runtime x86 PoiZone Prüfungsfragen-CD Version 1.6 PunkBuster Services PVSonyDll Sakura Sawer Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB978380) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) SimpleOCR 3.1 Skype Toolbars Skype™ 4.2 SpeedFan 
(remove only) System Requirements Lab TerraTec Home Cinema Text-To-Speech-Runtime Toxic Biohazard Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB981715) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Word 2007 (KB974561) Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.4053 Virtual DJ - Atomix Productions VLC media player 1.0.5 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Fotogalerie Windows Live ID-Anmelde-Assistent Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Toolbar Windows Live Writer Windows Live-Uploadtool WinRAR

I have already heard about doing a complete system restore. Does anyone know anything about that?

** Warning: popcorn.ma/img431.imageshack.us.php?image=ICH0737830249202010.JPG is infected!!

01.06.2010, 15:42
Member
Posts: 3716
#4
OTL:
System scan with OTL
Download OTL: http://oldtimer.geekstogo.com/OTL.exe
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Paste into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Run Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both; they may have to be split.
01.06.2010, 17:14
Member
Thread starter, Posts: 32
#5
OTL:
OTL logfile created on: 01.06.2010 16:43:20 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,66 Gb Total Space | 21,40 Gb Free Space | 14,01% Space Free | Partition Type: NTFS
Drive D: | 303,35 Gb Total Space | 76,81 Gb Free Space | 25,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 76,69 Gb Total Space | 55,23 Gb Free Space | 72,01% Space Free | Partition Type: NTFS
Drive G: | 150,69 Gb Total Space | 39,33 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 960,70 Mb Total Space | 5,70 Mb Free Space | 0,59% Space Free | Partition Type: FAT

Computer Name: HOME-PC
Current User Name: Marius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()
PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Public\winnsvc.exe ()
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - D:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IELowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
(Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) 
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\dddsk.sys (EldoS Corporation)
DRV - (AF9035BDA) -- C:\Windows\System32\drivers\AF9035BDA.sys (AfaTech )
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 A0 74 16 BA E0 CA 01 [binary data]
IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5

[2010.04.03 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Extensions
[2010.05.31 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\gqubi56j.default\extensions
[2010.04.30 17:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\gqubi56j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

O1 HOSTS File: ([2010.05.31 21:58:32 | 000,397,022 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13701 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.12.18 13:40:50 | 000,000,040 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a0783e38-3f3a-11df-85a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0783e38-3f3a-11df-85a5-806e6f6e6963}\Shell\AutoRun\command - "" = I:\menue.exe -- [2010.02.15 17:34:28 | 004,486,040 | R--- | M] (Computec Media AG )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: File Shredder - hkey= - key= - C:\Program Files\Disk Doctors File Shredder\File Shredder.exe (Disk Doctor Labs Inc.)
MsConfig - StartUpReg: Halo2 - hkey= - key= - C:\Users\Marius\AppData\Local\Temp\sshnas21.DLL File not found
MsConfig - StartUpReg: Hercules DJ Series - hkey= - key= - C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Programme\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.31 21:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.31 21:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.05.31 20:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.05.31 20:31:49 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Malwarebytes
[2010.05.31 20:31:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.31 20:31:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.31 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.31 20:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.29 15:46:32 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.05.29 15:46:32 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.05.29 15:46:29 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.05.29 15:46:29 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.05.29 15:46:27 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.05.29 15:45:58 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.05.29 15:45:57 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.05.29 15:45:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.05.29 15:45:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.05.29 15:45:54 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.05.29 15:45:54 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.05.29 15:45:54 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.05.29 15:34:04 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysinfo.ocx
[2010.05.29 15:34:03 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2010.05.29 15:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Loadstreet
[2010.05.29 14:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSI Afterburner
[2010.05.29 14:22:27 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\IrfanView
[2010.05.29 14:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010.05.29 14:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010.05.26 15:36:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.16 16:56:22 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Local\http___www.julien-manici
[2010.05.12 18:49:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2010.05.12 18:49:14 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Canon
[2010.05.12 18:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2010.05.11 13:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hardcopy
[2010.05.11 13:23:29 | 000,501,760 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe
[2010.05.08 12:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010.05.08 12:08:53 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.05.08 12:08:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.05.08 12:08:52 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.05.08 12:08:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.05.08 12:08:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.05.08 12:08:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.05.07 20:21:17 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\skypePM
[2010.05.07 20:19:23 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Skype
[2010.05.07 20:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.05.07 20:18:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.05.07 20:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.05.06 14:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy
[2010.05.03 21:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010.05.03 21:03:48 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2010.05.03 21:03:46 | 000,000,000 | ---D | C] -- C:\Users\Marius\Documents\Image-Line
[2010.05.03 21:03:35 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2010.05.03 21:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2010.05.03 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2010.05.03 21:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line

========== Files - Modified Within 30 Days ==========

[2010.06.01 16:45:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 16:45:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 16:39:33 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.01 16:39:29 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.01 16:37:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.01 16:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.01 16:37:33 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.01 15:46:10 | 006,553,600 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT
[2010.05.31 23:06:06 | 006,457,858 | -H-- | M] () -- C:\Users\Marius\AppData\Local\IconCache.db
[2010.05.31 21:58:32 | 000,397,022 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.31 21:49:53 | 000,001,222 | ---- | M] () -- C:\Users\Marius\Desktop\Spybot - Search & Destroy.lnk
[2010.05.31 20:57:08 | 000,002,969 | ---- | M] () -- C:\Users\Marius\Desktop\HiJackThis.lnk
[2010.05.31 20:31:41 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.30 20:19:47 | 000,026,624 | ---- | M] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 8 VOCABULARY LIST.doc
[2010.05.30 20:19:25 | 000,024,064 | ---- | M] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 7 VOCABULARY LIST.doc
[2010.05.29 16:02:44 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.29 15:59:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Nitro spielen.lnk
[2010.05.29 15:34:04 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Loadstreet Fresh RAM.lnk
[2010.05.29 15:08:14 | 000,050,136 | ---- | M] () -- C:\Windows\System32\energy-report.html
[2010.05.29 14:59:53 | 000,000,486 | RHS- | M] () -- C:\Users\Marius\ntuser.pol
[2010.05.29 14:28:13 | 000,001,050 | ---- | M] () -- C:\Users\Marius\Desktop\MSI Afterburner.lnk
[2010.05.29 14:22:27 | 000,001,854 | ---- | M] () -- C:\Users\Marius\Desktop\IrfanView Thumbnails.lnk
[2010.05.29 14:22:27 | 000,000,974 | ---- | M] () -- C:\Users\Marius\Desktop\IrfanView.lnk
[2010.05.29 14:16:07 | 000,000,971 | ---- | M] () -- C:\Users\Marius\Desktop\SpeedFan.lnk
[2010.05.29 14:16:06 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.05.26 17:49:20 | 000,000,886 | ---- | M] () -- C:\Users\Marius\Desktop\gta_sa - Verknüpfung.lnk
[2010.05.26 15:35:42 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.05.23 14:44:04 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.23 14:44:04 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.23 14:44:04 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.23 14:44:04 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.23 14:44:04 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.16 20:04:25 | 000,024,319 | ---- | M] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung 2.docx
[2010.05.16 20:00:33 | 000,098,776 | ---- | M] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung 1.rtf
[2010.05.16 19:54:18 | 000,098,739 | ---- | M] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung.doc
[2010.05.16 16:55:11 | 000,001,015 | ---- | M] () -- C:\Users\Marius\Desktop\Orbit.lnk
[2010.05.14 20:49:57 | 000,000,666 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.13 00:05:56 | 005,277,532 | ---- | M] () -- C:\Users\Marius\langeweile alltaahh xD.avi
[2010.05.13 00:02:13 | 000,001,203 | ---- | M] () -- C:\Users\Marius\Desktop\DVDVideoSoft Free Studio.lnk
[2010.05.12 22:03:31 | 000,000,342 | ---- | M] () -- C:\Windows\SoftWriting.ini
[2010.05.12 13:28:03 | 000,013,227 | ---- | M] () -- C:\Users\Marius\Documents\Mein Film.wlmp
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) --
C:\Windows\System32\MpSigStub.exe [2010.05.11 19:19:47 | 000,001,917 | ---- | M] () -- C:\Users\Marius\Desktop\LaunchGTAIV - Verknüpfung (2).lnk [2010.05.11 19:18:52 | 000,002,057 | ---- | M] () -- C:\Users\Marius\Desktop\Grand Theft Auto IV + 5 trainer - Verknüpfung.lnk [2010.05.11 13:23:54 | 000,002,319 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK [2010.05.10 20:22:47 | 000,013,312 | ---- | M] () -- C:\Users\Marius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.08 13:23:17 | 000,000,789 | ---- | M] () -- C:\Users\Marius\Desktop\CoD2SP_s - Verknüpfung.lnk [2010.05.08 13:06:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml [2010.05.08 13:06:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml [2010.05.08 12:09:45 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.05.08 12:09:45 | 000,022,328 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\PnkBstrK.sys [2010.05.08 12:09:05 | 000,669,184 | ---- | M] () -- C:\Windows\System32\pbsvc.exe [2010.05.08 10:54:31 | 000,331,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.07 21:54:16 | 000,045,286 | ---- | M] () -- C:\Users\Marius\Documents\LG Köln (Waldorf Anwälte).docx [2010.05.07 20:58:36 | 000,084,632 | ---- | M] () -- C:\Users\Marius\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.07 20:21:18 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.05.07 20:18:31 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.05.05 15:53:23 | 000,014,081 | ---- | M] () -- C:\Users\Marius\Documents\Kanzlei Waldorf.docx [2010.05.05 15:53:16 | 000,012,299 | ---- | M] () -- C:\Users\Marius\Documents\Torrent Abmahung.docx [2010.05.03 21:03:48 | 000,001,103 | ---- | M] () -- C:\Users\Marius\Desktop\FL Studio 9.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.06.01 16:39:21 | 000,000,290 | -H-- | C] () -- 
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.01 16:39:20 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.05.31 21:49:53 | 000,001,222 | ---- | C] () -- C:\Users\Marius\Desktop\Spybot - Search & Destroy.lnk [2010.05.31 20:57:08 | 000,002,969 | ---- | C] () -- C:\Users\Marius\Desktop\HiJackThis.lnk [2010.05.31 20:31:41 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.30 20:19:47 | 000,026,624 | ---- | C] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 8 VOCABULARY LIST.doc [2010.05.30 20:19:25 | 000,024,064 | ---- | C] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 7 VOCABULARY LIST.doc [2010.05.29 16:02:44 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.05.29 15:59:36 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Nitro spielen.lnk [2010.05.29 15:34:04 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Loadstreet Fresh RAM.lnk [2010.05.29 15:08:14 | 000,050,136 | ---- | C] () -- C:\Windows\System32\energy-report.html [2010.05.29 14:59:53 | 000,000,486 | RHS- | C] () -- C:\Users\Marius\ntuser.pol [2010.05.29 14:28:13 | 000,001,050 | ---- | C] () -- C:\Users\Marius\Desktop\MSI Afterburner.lnk [2010.05.29 14:22:27 | 000,001,854 | ---- | C] () -- C:\Users\Marius\Desktop\IrfanView Thumbnails.lnk [2010.05.29 14:22:27 | 000,000,974 | ---- | C] () -- C:\Users\Marius\Desktop\IrfanView.lnk [2010.05.29 14:16:07 | 000,000,971 | ---- | C] () -- C:\Users\Marius\Desktop\SpeedFan.lnk [2010.05.29 14:15:58 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2010.05.26 17:49:20 | 000,000,886 | ---- | C] () -- C:\Users\Marius\Desktop\gta_sa - Verknüpfung.lnk [2010.05.16 20:04:23 | 000,024,319 | ---- | C] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung 2.docx [2010.05.16 20:00:30 | 000,098,776 | ---- | C] () -- C:\Users\Marius\Documents\Abmahnung wegen 
Urheberrechtsverletzung 1.rtf [2010.05.13 00:05:58 | 000,012,800 | -HS- | C] () -- C:\Users\Marius\Thumbs.db [2010.05.13 00:05:52 | 005,277,532 | ---- | C] () -- C:\Users\Marius\langeweile alltaahh xD.avi [2010.05.12 21:05:18 | 000,098,739 | ---- | C] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung.doc [2010.05.12 18:47:28 | 000,000,342 | ---- | C] () -- C:\Windows\SoftWriting.ini [2010.05.12 13:20:24 | 000,013,227 | ---- | C] () -- C:\Users\Marius\Documents\Mein Film.wlmp [2010.05.11 19:19:47 | 000,001,917 | ---- | C] () -- C:\Users\Marius\Desktop\LaunchGTAIV - Verknüpfung (2).lnk [2010.05.11 19:18:52 | 000,002,057 | ---- | C] () -- C:\Users\Marius\Desktop\Grand Theft Auto IV + 5 trainer - Verknüpfung.lnk [2010.05.11 13:23:54 | 000,002,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK [2010.05.08 13:23:17 | 000,000,789 | ---- | C] () -- C:\Users\Marius\Desktop\CoD2SP_s - Verknüpfung.lnk [2010.05.08 12:09:45 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.05.08 12:09:45 | 000,022,328 | ---- | C] () -- C:\Users\Marius\AppData\Roaming\PnkBstrK.sys [2010.05.08 12:09:11 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.05.08 12:09:05 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.05.08 12:09:05 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.05.08 12:08:09 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk [2010.05.07 21:54:15 | 000,045,286 | ---- | C] () -- C:\Users\Marius\Documents\LG Köln (Waldorf Anwälte).docx [2010.05.07 20:21:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.07 20:18:31 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.05.05 15:53:22 | 000,014,081 | ---- | C] () -- C:\Users\Marius\Documents\Kanzlei Waldorf.docx [2010.05.05 15:53:16 | 000,012,299 | ---- | C] () -- C:\Users\Marius\Documents\Torrent Abmahung.docx [2010.05.03 
21:03:48 | 000,001,103 | ---- | C] () -- C:\Users\Marius\Desktop\FL Studio 9.lnk [2010.04.19 16:23:45 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.04.15 19:31:55 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2010.05.12 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Canon [2010.04.15 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DAEMON Tools Lite [2010.05.13 00:02:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.15 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\GrabPro [2010.06.01 16:39:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\ICQ [2010.05.29 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\IrfanView [2010.04.19 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\MAGIX [2010.04.03 18:34:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Opera [2010.06.01 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Orbit [2010.04.08 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\TerraTec [2009.07.14 06:53:46 | 000,022,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.01 16:39:33 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.01 16:39:29 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans 
==========[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [color=#A23BEC]< %APPDATA%\*. >[/color] [2010.04.04 14:31:47 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Adobe [2010.04.07 22:03:11 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Avira [2010.05.12 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Canon [2010.04.15 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DAEMON Tools Lite [2010.04.11 21:33:30 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DivX [2010.04.10 01:01:25 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\dvdcss [2010.05.13 00:02:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.15 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\GrabPro [2010.06.01 16:39:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\ICQ [2010.04.03 17:51:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Identities [2010.04.08 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\InstallShield [2010.05.29 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\IrfanView [2010.04.03 18:29:20 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Macromedia [2010.04.19 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\MAGIX [2010.05.31 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Media Center Programs [2010.05.31 20:57:07 | 000,000,000 | --SD | M] -- C:\Users\Marius\AppData\Roaming\Microsoft [2010.04.03 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Mozilla [2010.04.07 12:00:34 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Nero [2010.04.03 18:34:35 | 000,000,000 | ---D | M] -- 
C:\Users\Marius\AppData\Roaming\Opera [2010.06.01 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Orbit [2010.04.16 14:52:06 | 000,000,000 | RH-D | M] -- C:\Users\Marius\AppData\Roaming\SecuROM [2010.05.15 01:01:29 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Skype [2010.05.15 00:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\skypePM [2010.04.08 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\TerraTec [2010.05.16 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\vlc [2010.04.03 22:00:41 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\WinRAR [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2010.05.31 20:57:07 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Marius\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] 
(Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- 
C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [color=#A23BEC]< MD5 for: WS2IFSL.SYS >[/color] [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [2010.04.15 19:31:55 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< End of report >

Extras:

OTL Extras logfile created on: 01.06.2010 16:43:20 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,66 Gb Total Space | 21,40 Gb Free Space | 14,01% Space Free | Partition Type: NTFS
Drive D: | 303,35 Gb Total Space | 76,81 Gb Free Space | 25,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 76,69 Gb Total Space | 55,23 Gb Free Space | 72,01% Space Free | Partition Type: NTFS
Drive G: | 150,69 Gb Total Space | 39,33 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 960,70 Mb Total Space | 5,70 Mb Free Space | 0,59% Space Free | Partition Type: FAT

Computer Name: HOME-PC
Current User Name: Marius
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

[HKEY_USERS\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program
Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft 
Sync Framework Runtime Native v1.0 (x86) "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" 
= Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A6DD7A9D-198F-4CB2-97DB-4F429E39319A}_is1" = Disk Doctors File Shredder 1.0.0 "{AC2FE961-EC77-43D8-9760-BE992408D1E3}_is1" = Loadstreet Fresh RAM 5.0 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows 
Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 1.5.1
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C11-Nitro" = Alarm für Cobra 11 - Nitro (remove only)
"DivX Setup.divx.com" = DivX-Setup
"FL Studio 9" = FL Studio 9
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"IrfanView" = IrfanView (remove only)
"MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"PoiZone" = PoiZone
"Prüfungsfragen-CD_is1" = Prüfungsfragen-CD Version 1.6
"PunkBusterSvc" = PunkBuster Services
"Sakura" = Sakura
"Sawer" = Sawer
"SimpleOCR 3.1" = SimpleOCR 3.1
"SpeedFan" = SpeedFan (remove only)
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.05.2010 11:18:37 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bccb3 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0000046b Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0xa6c Startzeit der fehlerhaften Anwendung: 0x01cafc0e166aa169 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: ca08edcc-6810-11df-8fbe-001fd0941148
Error - 29.05.2010 08:40:07 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CINEBENCH Windows 32 Bit.exe, Version: 11.5.2.9, Zeitstempel: 0x4b750c1c Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xc06d007e Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0x01caff2c101bbb03 Pfad der fehlerhaften Anwendung: C:\Programme (x86)\Cinebench x32\CINEBENCH Windows 32 Bit.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 4f244124-6b1f-11df-8949-001fd0941148
Error - 29.05.2010 08:40:26 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CINEBENCH Windows 32 Bit.exe, Version: 11.5.2.9, Zeitstempel: 0x4b750c1c Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xc06d007e Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0x177c Startzeit der fehlerhaften Anwendung: 0x01caff2c1d4844b5 Pfad der fehlerhaften Anwendung: C:\Programme (x86)\Cinebench x32\CINEBENCH Windows 32 Bit.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 5af72936-6b1f-11df-8949-001fd0941148
Error - 29.05.2010 09:45:23 | Computer Name = Home-PC | Source = VSS | ID = 8194
Description =
Error - 31.05.2010 13:56:13 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\asio4all v2\a4apanel64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 31.05.2010 13:57:19 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search box extension\SrchBxEx.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search box extension\SrchBxEx.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 31.05.2010 13:57:19 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 31.05.2010 13:57:19 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 31.05.2010 13:57:50 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 31.05.2010 14:50:59 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 9589.exe, Version: 0.0.0.0, Zeitstempel: 0x4c03f619 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x45c Startzeit der fehlerhaften Anwendung: 0x01cb00f2348fc67a Pfad der fehlerhaften Anwendung: C:\Users\Marius\AppData\Local\Temp\9589.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 73593043-6ce5-11df-acd3-001fd0941148

[ Media Center Events ]
Error - 24.05.2010 15:31:36 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 21:31:29 - Fehler beim Herstellen der Internetverbindung. 21:31:29 - Serververbindung konnte nicht hergestellt werden..
Error - 24.05.2010 16:31:48 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 22:31:48 - Fehler beim Herstellen der Internetverbindung. 22:31:48 - Serververbindung konnte nicht hergestellt werden..
Error - 24.05.2010 16:32:06 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 22:31:54 - Fehler beim Herstellen der Internetverbindung. 22:31:54 - Serververbindung konnte nicht hergestellt werden..
Error - 26.05.2010 21:23:46 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 03:23:37 - Fehler beim Herstellen der Internetverbindung. 03:23:37 - Serververbindung konnte nicht hergestellt werden..
Error - 26.05.2010 22:23:54 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 04:23:50 - Fehler beim Herstellen der Internetverbindung. 04:23:50 - Serververbindung konnte nicht hergestellt werden..
Error - 26.05.2010 23:24:01 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 05:23:58 - Fehler beim Herstellen der Internetverbindung. 05:23:58 - Serververbindung konnte nicht hergestellt werden..
Error - 29.05.2010 16:11:06 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 22:10:52 - Fehler beim Herstellen der Internetverbindung. 22:10:52 - Serververbindung konnte nicht hergestellt werden..
Error - 29.05.2010 16:11:40 | Computer Name = Home-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Cinergy T-Stick Tuner
Error - 29.05.2010 17:11:23 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 23:11:15 - Fehler beim Herstellen der Internetverbindung. 23:11:15 - Serververbindung konnte nicht hergestellt werden..
Error - 29.05.2010 18:11:37 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 00:11:30 - Fehler beim Herstellen der Internetverbindung. 00:11:30 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 30.05.2010 11:53:04 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error - 31.05.2010 13:11:47 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 31.05.2010 13:12:28 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 31.05.2010 14:41:49 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =
Error - 01.06.2010 09:20:10 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 01.06.2010 09:20:14 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SeaPort" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 01.06.2010 09:20:18 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 01.06.2010 09:20:37 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 01.06.2010 09:20:49 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 01.06.2010 09:20:49 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

< End of report >
01.06.2010, 17:40
Member
Posts: 3716
#6
Until we are done with the cleanup, uninstall Spybot and restart the PC.
But I would do without it altogether; personally, I don't like it much.

Disable CD emulators with DeFogger

You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Since these emulators use rootkit technology, they can distort and hamper the search for malicious rootkits. For this reason, please either run the following tool to disable them or uninstall the software via Control Panel => Software/Programs. Let me know which option you chose. We can undo the deactivation after the cleanup.

Download http://www.jpshortstuff.247fixes.com/Defogger.exe and save it to your desktop. Double-click DeFogger to start the tool.
• The tool's program window opens.
• Click the Disable button to deactivate the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears, click OK.
• DeFogger will now ask for a reboot - click OK
• Post the defogger_disable.log here in the thread.
Do not re-enable the drivers under any circumstances until you are told to.

Fixing with OTL

• Please start OTL.exe. Vista users: right-click "Run as administrator"
• Now copy the following into the text box.

:OTL
PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()
PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
PRC - C:\Users\Public\winnsvc.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
:files
C:\Users\Public\winnsvc.exe
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]

• Now please close all programs.
• Now please click the Run Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; post it.
01.06.2010, 20:53
Member
Thread starter, Posts: 32
#7
First of all, many thanks for all the effort and everything!!!!
I have disabled all the emulators but didn't get a .log.. I don't know whether it matters, but in the meantime I have already lost many rights to access my computer. Pictures attached.
Attachment: Zugriff verweigert.png
01.06.2010, 20:58
Member
Thread starter, Posts: 32
#8
All processes killed
Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Public\winnsvc.exe ()> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()> in the current context!
========== FILES ==========
C:\Users\Public\winnsvc.exe moved successfully.
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Marius
->Flash cache emptied: 20072 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marius
->Temp folder emptied: 680718 bytes
->Temporary Internet Files folder emptied: 208492374 bytes
->FireFox cache emptied: 82543290 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5402109 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 283,00 mb
OTL by OldTimer - Version 3.2.5.2 log created on 06012010_205505
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
01.06.2010, 21:00
Member
Thread starter, Posts: 32
#9
Oh.. After running OTL my system drive, i.e. the folders, looks normal again. But you will know what is really still there.
Attachment: Normal.png
01.06.2010, 21:18
Member
Posts: 3716
#10
New OTL script:

:OTL
PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()
PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
PRC - C:\Users\Public\winnsvc.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
:files
C:\Users\Marius\AppData\Local\Temp\It2.exe
C:\Users\Marius\AppData\Local\Temp\It1.exe
C:\Users\Public\winnsvc.exe
01.06.2010, 21:51
Member
Thread starter, Posts: 32
#11
Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Public\winnsvc.exe ()> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()> in the current context!
========== FILES ==========
File\Folder C:\Users\Marius\AppData\Local\Temp\It2.exe not found.
File\Folder C:\Users\Marius\AppData\Local\Temp\It1.exe not found.
File\Folder C:\Users\Public\winnsvc.exe not found.
OTL by OldTimer - Version 3.2.5.2 log created on 06012010_214956
02.06.2010, 12:31
Member
Posts: 3716
#12
Please create a HijackThis log and post it.
02.06.2010, 18:19
Member
Thread starter, Posts: 32
#13
Another one?
Ok..
02.06.2010, 18:20
Member
Thread starter, Posts: 32
#14
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:07, on 02.06.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hardcopy\hardcopy.exe
D:\Program Files (x86)\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe
O4 - Global Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6866 bytes
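The HijackThis and OTL logs in this thread are read by eye: the helper picks out the two Run entries pointing into AppData\Local\Temp and C:\Users\Public, and the Application Error event for a crashing 9589.exe in the same Temp folder. The following Python script, added here as an example and not part of the thread or of either tool, automates exactly those two checks over log lines of this shape. The suspicious-directory list and the "random-looking name" heuristic are assumptions of this example; the sample lines are copied from the logs posted above.

```python
"""Triage helper for HijackThis / OTL-style log lines (added example).

Flags autorun (O4 Run) entries and Application Error (ID 1000) events
whose executable lives in a user-writable staging directory, and autorun
value names that look randomly generated. The directory list and the
name heuristic are assumptions of this example, not rules of either tool.
"""
import re
from dataclasses import dataclass

# Directories a legitimate autorun rarely points into (assumption of this example).
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

# HijackThis/OTL O4 Run entry: "O4 - HKCU\..\Run: [Name] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\.*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# OTL Extras event text on a German Windows: "Pfad der fehlerhaften Anwendung: <path>"
CRASH_RE = re.compile(r"Pfad der fehlerhaften Anwendung: (?P<path>.+?\.exe)", re.I)

# Heuristic: 8+ upper-case alphanumerics containing both letters and digits (e.g. M5T8QL3YW3).
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")


@dataclass(frozen=True)
class Finding:
    kind: str          # "autorun" or "crash"
    name: str          # autorun value name ("" for crash events)
    path: str          # executable the entry points at
    reasons: tuple     # why it was flagged


def executable_of(cmd: str) -> str:
    """Return the executable path from a Run command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)", cmd)          # unquoted path: cut at the first .exe
    return m.group(1) if m else cmd.split()[0]


def in_suspicious_dir(path: str) -> bool:
    p = path.lower().replace("/", "\\")
    return any(d in p for d in SUSPICIOUS_DIRS)


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        reasons = []
        if in_suspicious_dir(exe):
            reasons.append("autorun target lives in a user-writable temp/public directory")
        if RANDOM_NAME_RE.match(m.group("name")):
            reasons.append("autorun value name looks randomly generated")
        return Finding("autorun", m.group("name"), exe, tuple(reasons)) if reasons else None
    m = CRASH_RE.search(line)
    if m and in_suspicious_dir(m.group("path")):
        return Finding("crash", "", m.group("path"),
                       ("crashing process was started from a temp/public directory",))
    return None


def triage(lines):
    return [f for f in map(triage_line, lines) if f is not None]


# Sample lines copied from the HijackThis and OTL Extras logs posted in this thread.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun',
    r'O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe',
    r'O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe',
    r'O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()',
    r'Error - 31.05.2010 14:50:59 | Computer Name = Home-PC | Source = Application Error | ID = 1000 '
    r'Description = Name der fehlerhaften Anwendung: 9589.exe, Version: 0.0.0.0 Ausnahmecode: 0xc0000005 '
    r'Pfad der fehlerhaften Anwendung: C:\Users\Marius\AppData\Local\Temp\9589.exe Pfad des fehlerhaften Moduls: unknown',
    r'Error - 25.05.2010 11:18:37 | Computer Name = Home-PC | Source = Application Error | ID = 1000 '
    r'Description = Name der fehlerhaften Anwendung: wmpnetwk.exe Ausnahmecode: 0x0000046b '
    r'Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.name or '-'} -> {f.path}: {'; '.join(f.reasons)}")
```

Run as-is it reports the two winnsvc.exe/It2.exe autoruns (the It2.exe entry for both its location and its M5T8QL3YW3 name) and the 9589.exe crash, while the Avira, Sidebar and Windows Media Player lines pass. The directory test is deliberately a substring match on the normalised path so that HKCU, HKLM and OTL's HKU\S-1-5-... forms are handled alike.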
02.06.2010, 18:47
Member
Thread starter, Posts: 32
#15
You know what?
Thank you for the effort and everything. But now I'll probably rather set up my system from scratch.. I don't think all this tinkering around here will get anywhere. Thanks again. Best regards
A few days ago I received a message via ICQ about a new photo and so on.
In good spirits I click on it, try to open it and it doesn't work; afterwards it turned out that it was only 49 KB and apparently was/is a virus.
From then on, about every 10 minutes Internet Explorer opened and showed me some advertising pages.
After I tracked the two processes down in Task Manager ("Open file location"), manually deleted the two troublemakers and then Avira AntiVir Personal found 3 more viruses somewhere, the matter was closed for me.
So:
Now to my current problem.. A good half hour ago I was sitting at the computer and had ICQ running in the background. Suddenly a message window opened by itself and sent the same link that I had received, and the same lines of text, to my "friends". Luckily the internet cable isn't far away, and I pulled it quickly..
How should I proceed now? And are there people with a similar, or even the same, problem?