Verdacht auf Malware (PC langsam) |
||
---|---|---|
#0
| ||
02.07.2010, 01:29
...neu hier
Beiträge: 7 |
||
|
||
02.07.2010, 18:44
Member
Beiträge: 420 |
#2
Hi, muss nicht unbedingt etwas mit Malware zu tun haben, aber man kann ja mal nachsehen. Wichtig ist, alle nachfolgenden Programme mit Rechtsklick "Als Administrator" auszuführen.
1. Malwarebytes http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe Malwarebytes bitte installieren, aktualisieren, einen Quick Scan durchführen, evt. Funde entfernen lassen und das Log posten. 2. Gmer http://www.gmer.net/ Gmer downloaden, ausführen. Falls eine Abfrage kommt, ob wegen Rootkit-Aktivitäten ein vollständiger Systemscan erwünscht ist, No wählen. Auf der rechten Seite Häkchen entfernen bei IAT/EAT Allen Laufwerken außer C: Show All Auf Scan klicken und das Ende des Scans abwarten. Mit Save kann das Log abgespeichert werden, dieses Log bitte posten. 3. OTL http://oldtimer.geekstogo.com/OTL.exe Das Programm starten und auf Run Scan klicken. Es werden zwei Logs erstellt, OTL.txt und Extras.txt, die beiden bitte posten. |
|
|
||
03.07.2010, 16:03
...neu hier
Themenstarter Beiträge: 7 |
#3
Hi,
Erstmal danke für deine Hilfe, aber hier nun zu den logfiles: Malwarebytes : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4200 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 03.07.2010 15:46:45 mbam-log-2010-07-03 (15-46-45).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 128646 Laufzeit: 5 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL: OTL.txt.: OTL logfile created on: 03.07.2010 15:56:40 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Timm\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 727,48 Gb Free Space | 78,10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded Drive G: | 930,86 Gb Total Space | 437,92 Gb Free Space | 47,04% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DISTURBED-PC Current User Name: Timm Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010.07.03 15:49:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Timm\Downloads\OTL.exe PRC - [2010.06.28 19:14:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.06.12 19:42:05 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009.10.20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe PRC - [2009.07.14 00:22:08 | 001,263,616 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2009.04.29 17:44:32 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe PRC - [2009.04.29 17:44:30 | 000,569,443 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\CTCMSu.exe PRC - [2009.04.29 17:44:30 | 000,188,416 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\CtDetctu.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.12.29 16:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010.07.03 15:49:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Timm\Downloads\OTL.exe MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2010.05.27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.01 15:11:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.01.21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV:64bit: - [2009.09.12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag) SRV - [2010.06.20 17:49:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.06.12 19:42:05 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.05.27 22:26:12 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service) SRV - [2010.05.26 14:30:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.04.28 18:56:19 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.04.01 15:16:50 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.03.18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.10.20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP) SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009.06.16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.17 18:40:56 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2010.05.17 18:40:40 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2010.05.17 18:40:40 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2010.05.15 18:27:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.05.11 21:18:45 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.05.11 21:18:45 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.21 19:46:46 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG) DRV:64bit: - [2009.10.02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.09.14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2009.09.01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:54:52 | 001,613,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k) DRV:64bit: - [2009.07.14 02:54:38 | 001,568,792 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2009.07.14 02:54:28 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2009.07.14 02:54:18 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2009.07.14 02:54:12 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2009.07.14 02:54:04 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2009.07.14 02:53:54 | 000,696,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2009.07.14 02:53:46 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2009.07.14 02:53:36 | 001,445,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2009.07.14 02:53:36 | 001,445,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2009.07.14 02:53:24 | 000,095,256 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2009.07.14 02:53:24 | 000,095,256 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2009.07.14 02:53:16 | 000,230,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2009.07.14 02:53:16 | 000,230,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.09 17:30:46 | 001,443,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.05.12 15:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB) DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2009.02.13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus) DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102572 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 D0 05 5F 64 E1 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.28 19:14:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.28 20:36:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.05.09 14:00:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.04.21 19:29:36 | 000,000,000 | ---D | M] [2010.05.09 14:00:46 | 000,000,000 | ---D | M] -- C:\Users\Timm\AppData\Roaming\mozilla\Extensions [2010.05.09 14:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.07.03 15:51:12 | 000,000,000 | ---D | M] -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions [2010.06.28 19:36:32 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593} [2010.06.29 21:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.15 13:32:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.12 18:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2010.06.29 15:20:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.06.14 17:28:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.06.29 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\Timm\AppData\Roaming\mozilla\Firefox\Profiles\7usce5sk.default\extensions\staged-xpis [2010.06.28 19:14:51 | 000,000,950 | ---- | M] () -- C:\Users\Timm\AppData\Roaming\Mozilla\FireFox\Profiles\7usce5sk.default\searchplugins\icqplugin-1.xml [2010.05.13 10:01:56 | 000,000,168 | ---- | M] () -- C:\Users\Timm\AppData\Roaming\Mozilla\FireFox\Profiles\7usce5sk.default\searchplugins\icqplugin.gif [2010.05.13 10:01:56 | 000,000,618 | ---- | M] () -- C:\Users\Timm\AppData\Roaming\Mozilla\FireFox\Profiles\7usce5sk.default\searchplugins\icqplugin.src [2010.06.27 17:48:21 | 000,000,947 | ---- | M] () -- C:\Users\Timm\AppData\Roaming\Mozilla\FireFox\Profiles\7usce5sk.default\searchplugins\icqplugin.xml [2010.06.29 15:20:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.04.22 19:23:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.21 19:29:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [MtdAcqu] C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.182.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.03 15:44:44 | 000,218,376 | R--- | M] () - E:\AutoStarter.exe -- [ CDFS ] O32 - AutoRun File - [2009.09.08 17:08:46 | 000,002,813 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.09.09 10:00:35 | 000,000,000 | ---D | M] - E:\autostarter -- [ CDFS ] O33 - MountPoints2\{31f333ae-61cd-11df-91aa-6cf049546794}\Shell - "" = AutoRun O33 - MountPoints2\{31f333ae-61cd-11df-91aa-6cf049546794}\Shell\AutoRun\command - "" = F:\Startme.exe -- File not found O33 - MountPoints2\{34a729b3-6267-11df-85cc-6cf049546794}\Shell - "" = AutoRun O33 - MountPoints2\{34a729b3-6267-11df-85cc-6cf049546794}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found O33 - MountPoints2\{b1aea9d4-579d-11df-9543-6cf049546794}\Shell - "" = AutoRun O33 - MountPoints2\{b1aea9d4-579d-11df-9543-6cf049546794}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010.07.02 16:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.07.02 16:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.07.02 02:40:51 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Local\MigWiz [2010.07.01 20:27:07 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\Users\Timm\Desktop\DTLite4356-0091.exe [2010.07.01 17:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeskMates [2010.06.29 17:21:34 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Local\ElevatedDiagnostics [2010.06.28 00:32:58 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\WICHTIG ALTES HANDYDESIGN [2010.06.27 22:19:53 | 000,020,480 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys [2010.06.27 22:08:42 | 000,000,000 | ---D | C] -- C:\Sounds [2010.06.27 21:57:37 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\LG Electronics [2010.06.23 12:30:07 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\4A Games [2010.06.23 12:27:01 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Local\4A Games [2010.06.23 12:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010.06.23 11:57:14 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2010.06.23 11:57:14 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2010.06.23 11:57:14 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2010.06.23 11:57:14 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2010.06.23 11:57:13 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2010.06.23 11:57:13 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2010.06.23 11:57:12 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2010.06.23 11:57:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2010.06.23 11:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\METRO 2033 [2010.06.23 11:35:04 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.06.23 11:35:04 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.06.23 11:35:03 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.06.23 11:35:03 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.06.23 11:35:03 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.06.23 11:35:03 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.06.23 11:35:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010.06.23 11:34:52 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.06.22 17:53:52 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\BioWare [2010.06.20 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Timm\Desktop\DS Cracked [2010.06.20 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Local\Downloaded Installations [2010.06.20 21:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010.06.20 21:07:32 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\PC Suite [2010.06.20 21:03:54 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll [2010.06.20 21:03:49 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2010.06.20 21:03:48 | 000,029,184 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010.06.20 21:03:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.06.20 21:01:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers [2010.06.20 21:01:31 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\My NPS Files [2010.06.20 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Samsung [2010.06.20 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010.06.20 20:09:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.06.20 18:06:55 | 000,166,912 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTOPT352.dll [2010.06.20 18:06:54 | 000,061,440 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTChkAud.dll [2010.06.20 18:06:54 | 000,042,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\AddCat.exe [2010.06.20 16:03:52 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.06.20 15:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.06.20 15:28:10 | 000,000,000 | ---D | C] -- C:\ATI [2010.06.18 15:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag [2010.06.18 14:43:08 | 000,000,000 | ---D | C] -- C:\Programme\OO Software [2010.06.17 19:43:02 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP [2010.06.17 18:29:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.06.17 18:28:34 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\Bioshock2 [2010.06.17 18:28:34 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Bioshock2 [2010.06.17 18:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VC [2010.06.17 16:54:44 | 000,221,720 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\vdrv1000.sys [2010.06.17 16:54:44 | 000,024,088 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\HH10Help.sys [2010.06.17 16:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual CD v10 [2010.06.17 16:52:45 | 000,040,464 | ---- | C] (H+H Software GmbH) -- C:\Windows\SysNative\drivers\vcd10bus.sys [2010.06.17 15:44:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2010.06.17 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010.06.17 14:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games [2010.06.17 14:14:48 | 000,000,000 | ---D | C] -- C:\Spiele [2010.06.15 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Malwarebytes [2010.06.15 20:05:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.06.15 20:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.15 20:05:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.06.15 20:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.06.14 16:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010.06.13 19:35:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2010.06.13 19:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2010.06.13 19:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2010.06.13 19:32:47 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2010.06.12 19:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2010.06.12 18:37:54 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\Ashampoo [2010.06.12 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHPNukeDE [2010.06.12 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2010.06.12 18:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO [2010.06.12 18:33:52 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Local\ashampoo [2010.06.12 18:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo [2010.06.12 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2010.06.12 10:55:20 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\Square Enix [2010.06.12 10:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SQUARE ENIX - Eidos Interactive [2010.06.09 14:25:40 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.06.09 14:25:40 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.06.09 14:25:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.06.09 14:25:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.06.07 15:04:04 | 000,000,000 | ---D | C] -- C:\Fraps [2010.06.06 11:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver [2010.06.06 10:53:45 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\Prototype [2010.06.06 00:15:11 | 000,000,000 | ---D | C] -- C:\Users\Timm\Documents\WBGames [2010.06.05 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Local\Risen [2010.06.05 17:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.06.05 17:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.06.05 17:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.06.05 15:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter [2010.06.05 14:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010.06.04 11:52:46 | 000,000,000 | ---D | C] -- C:\Users\Timm\AppData\Roaming\DivX [2010.06.04 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010.06.04 11:52:28 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.06.04 11:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010.06.04 11:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2009.07.14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010.07.03 15:58:49 | 002,359,296 | -HS- | M] () -- C:\Users\Timm\NTUSER.DAT [2010.07.03 15:58:37 | 000,284,915 | ---- | M] () -- C:\Users\Timm\Desktop\gmer.zip [2010.07.03 15:57:06 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.03 15:57:06 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.03 15:31:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.03 15:31:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.03 15:31:41 | 3217,526,784 | -HS- | M] () -- C:\hiberfil.sys [2010.07.03 15:31:41 | 000,048,764 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2010.07.02 17:44:54 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx [2010.07.02 17:44:54 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx [2010.07.02 17:44:54 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx [2010.07.02 17:44:38 | 007,788,630 | -H-- | M] () -- C:\Users\Timm\AppData\Local\IconCache.db [2010.07.02 16:39:20 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.02 16:39:20 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.02 16:39:20 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.02 16:39:20 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.02 16:39:20 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.02 16:09:59 | 000,001,262 | ---- | M] () -- C:\Users\Timm\Desktop\Spybot - Search & Destroy.lnk [2010.07.02 02:40:25 | 000,444,762 | ---- | M] () -- C:\Users\Timm\Desktop\Install.docx [2010.07.02 00:27:58 | 000,007,597 | ---- | M] () -- C:\Users\Timm\AppData\Local\Resmon.ResmonCfg [2010.07.01 20:33:47 | 000,001,313 | ---- | M] () -- C:\Users\Timm\Documents\ax_files.xml [2010.07.01 20:30:58 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\Users\Timm\Desktop\DTLite4356-0091.exe [2010.07.01 18:03:54 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.07.01 18:03:54 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2010.06.28 19:13:14 | 000,000,649 | ---- | M] () -- C:\Users\Timm\Desktop\Musik.lnk [2010.06.26 13:10:05 | 000,013,478 | ---- | M] () -- C:\Users\Timm\Documents\Alex-PC.docx [2010.06.23 12:28:24 | 000,001,453 | ---- | M] () -- C:\Users\Timm\Desktop\metro2033 - Verknüpfung.lnk [2010.06.20 20:23:02 | 000,002,097 | ---- | M] () -- C:\Users\Timm\Desktop\Bioshock2.lnk [2010.06.20 17:49:14 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Creative-Produktregistrierung.lnk [2010.06.20 17:25:21 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2010.06.20 17:25:21 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2010.06.20 17:25:21 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2010.06.20 17:25:21 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2010.06.20 16:20:37 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2010.06.19 22:29:36 | 000,002,071 | ---- | M] () -- C:\Users\Timm\Desktop\Borderlands.lnk [2010.06.18 14:43:10 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2010.06.17 19:39:49 | 000,001,664 | ---- | M] () -- C:\Users\Timm\Desktop\Risen.lnk [2010.06.17 19:39:20 | 000,001,077 | ---- | M] () -- C:\Users\Timm\Desktop\CNC3.lnk [2010.06.17 17:24:50 | 000,001,193 | ---- | M] () -- C:\Users\Timm\Desktop\Call of Duty Modern Warfare 2 MP.lnk [2010.06.17 17:24:44 | 000,001,193 | ---- | M] () -- C:\Users\Timm\Desktop\Call of Duty Modern Warfare 2 SP.lnk [2010.06.15 20:05:06 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.14 21:29:00 | 000,001,646 | ---- | M] () -- C:\Users\Timm\Desktop\Brother Software.lnk [2010.06.13 19:35:36 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk [2010.06.13 01:04:24 | 000,001,686 | ---- | M] () -- C:\Users\Timm\Desktop\FarCry2.lnk [2010.06.12 19:42:05 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.06.12 19:42:04 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2010.06.09 18:03:06 | 000,413,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.06.07 15:04:05 | 000,000,562 | ---- | M] () -- C:\Users\Timm\Desktop\Fraps.lnk [2010.06.06 11:10:41 | 000,001,086 | ---- | M] () -- C:\Users\Timm\Desktop\prototypef.lnk [2010.06.06 00:40:21 | 000,000,737 | ---- | M] () -- C:\Users\Timm\Desktop\F.E.A.R.2.lnk [2010.06.04 22:25:23 | 430,835,912 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.06.04 12:44:33 | 000,061,885 | ---- | M] () -- C:\Users\Timm\Documents\Deal Xtrme.docx [2010.06.04 09:57:43 | 000,019,133 | ---- | M] () -- C:\Users\Timm\Documents\Rapidshare Premium.docx [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.07.02 16:09:59 | 000,001,262 | ---- | C] () -- C:\Users\Timm\Desktop\Spybot - Search & Destroy.lnk [2010.07.02 02:38:16 | 000,444,762 | ---- | C] () -- C:\Users\Timm\Desktop\Install.docx [2010.06.28 19:13:15 | 000,000,649 | ---- | C] () -- C:\Users\Timm\Desktop\Musik.lnk [2010.06.26 13:10:05 | 000,013,478 | ---- | C] () -- C:\Users\Timm\Documents\Alex-PC.docx [2010.06.23 12:28:24 | 000,001,453 | ---- | C] () -- C:\Users\Timm\Desktop\metro2033 - Verknüpfung.lnk [2010.06.20 20:21:32 | 000,002,097 | ---- | C] () -- C:\Users\Timm\Desktop\Bioshock2.lnk [2010.06.20 18:06:55 | 000,006,010 | ---- | C] () -- C:\Windows\SysWow64\CTOPT352.cat [2010.06.20 17:43:17 | 000,063,336 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx [2010.06.20 17:43:17 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.06.20 17:43:17 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm [2010.06.20 17:43:17 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx [2010.06.19 22:29:36 | 000,002,071 | ---- | C] () -- C:\Users\Timm\Desktop\Borderlands.lnk [2010.06.19 18:39:21 | 000,048,764 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor [2010.06.18 14:43:10 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk [2010.06.17 19:39:49 | 000,001,664 | ---- | C] () -- C:\Users\Timm\Desktop\Risen.lnk [2010.06.17 19:39:20 | 000,001,077 | ---- | C] () -- C:\Users\Timm\Desktop\CNC3.lnk [2010.06.17 17:24:50 | 000,001,193 | ---- | C] () -- C:\Users\Timm\Desktop\Call of Duty Modern Warfare 2 MP.lnk [2010.06.17 17:24:44 | 000,001,193 | ---- | C] () -- C:\Users\Timm\Desktop\Call of Duty Modern Warfare 2 SP.lnk [2010.06.15 20:05:06 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.14 21:29:00 | 000,001,646 | ---- | C] () -- C:\Users\Timm\Desktop\Brother Software.lnk [2010.06.13 19:35:36 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk [2010.06.13 01:04:24 | 000,001,686 | ---- | C] () -- C:\Users\Timm\Desktop\FarCry2.lnk [2010.06.07 15:04:05 | 000,000,562 | ---- | C] () -- C:\Users\Timm\Desktop\Fraps.lnk [2010.06.06 11:10:43 | 000,001,086 | ---- | C] () -- C:\Users\Timm\Desktop\prototypef.lnk [2010.06.06 00:39:28 | 000,000,737 | ---- | C] () -- C:\Users\Timm\Desktop\F.E.A.R.2.lnk [2010.06.04 12:44:32 | 000,061,885 | ---- | C] () -- C:\Users\Timm\Documents\Deal Xtrme.docx [2010.06.04 09:57:42 | 000,019,133 | ---- | C] () -- C:\Users\Timm\Documents\Rapidshare Premium.docx [2010.05.26 14:33:20 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.05.26 14:33:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.05.26 14:33:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2010.05.26 14:32:19 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2010.05.24 18:49:45 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.19 22:37:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.05.19 22:37:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.05.15 21:15:01 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 01:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.07.14 00:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.26 12:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys < End of report > Extras.txt: OTL Extras logfile created on: 03.07.2010 15:56:40 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Timm\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 727,48 Gb Free Space | 78,10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded Drive G: | 930,86 Gb Total Space | 437,92 Gb Free Space | 47,04% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DISTURBED-PC Current User Name: Timm Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{005E399F-DC01-4F98-8EDB-EE477974AB3F}" = Microsoft SQL Server VSS Writer "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{4A1FCB72-812A-4096-8713-F1BB101A904E}" = Microsoft SQL Server Native Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4FBB2E98-1A3B-396A-A662-73E17009C076}" = ATI Catalyst Install Manager "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare "{825C7AAC-C5D5-B89B-EBA1-D4DFC5E46D6C}" = AMD Drag and Drop Transcoding "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional "{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "81AE60DDD229A248055515E311406D86F7E4012A" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1E58B969-9BB4-4012-8D8B-D06005D1CD24}" = TP-LINK Client Installation Program "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-165C "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8B681A3B-C924-23F9-AAD0-9FB1715C763A}" = Catalyst Control Center InstallProxy "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{96ED9087-7A6A-22A9-135F-901AF77474AC}" = ccc-core-static "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C6E6B1D1-EC88-7270-3819-AA924908CFDA}" = Catalyst Control Center Graphics Previews Vista "{C7027BD9-C90F-79C7-8CFF-8F32E2806631}" = CCC Help English "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6 "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{F8365857-3233-E29E-65C6-6C0AB4F99622}" = Catalyst Control Center Graphics Previews Common "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "3DMIDI" = Creative 3DMIDI Player "AC3Filter_is1" = AC3Filter 1.63b "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALchemy" = Creative ALchemy "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "AudioCS" = Creative Audio-Systemsteuerung "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Diagnostics 4_5" = Creative-Diagnose "DivX Setup.divx.com" = DivX-Setup "Dolby Digital Live Pack" = Dolby Digital Live Pack "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "DTS Connect Pack" = DTS Connect Pack "Fraps" = Fraps "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "ImTOO MPEG Encoder" = ImTOO MPEG Encoder "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "JDownloader" = JDownloader "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "OpenAL" = OpenAL "PHPNukeDE Toolbar" = PHPNukeDE Toolbar "PROHYBRIDR" = 2007 Microsoft Office system "PunkBusterSvc" = PunkBuster Services "Speed-Link Vibration Joystick" = Speed-Link Vibration Joystick "SysInfo" = Creative Systeminformationen "TuneUp Utilities" = TuneUp Utilities "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components) "VLC media player" = VLC media player 1.0.5 "WaveStudio 7" = Creative WaveStudio 7 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ShockWave V0.95" = ShockWave V0.95 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 22.06.2010 14:51:22 | Computer Name = Disturbed-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.06.2010 05:23:15 | Computer Name = Disturbed-PC | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 23.06.2010 05:41:16 | Computer Name = Disturbed-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SimPack.exe, Version: 0.0.0.0, Zeitstempel: 0x49a9a89f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e23e ID des fehlerhaften Prozesses: 0x770 Startzeit der fehlerhaften Anwendung: 0x01cb12b8219e0f9c Pfad der fehlerhaften Anwendung: C:\Users\Timm\AppData\Local\Temp\SimPack.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 77b44257-7eab-11df-b017-6cf049546794 Error - 23.06.2010 05:41:22 | Computer Name = Disturbed-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SimPack.exe, Version: 0.0.0.0, Zeitstempel: 0x49a9a89f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e23e ID des fehlerhaften Prozesses: 0x10c8 Startzeit der fehlerhaften Anwendung: 0x01cb12b83b868539 Pfad der fehlerhaften Anwendung: C:\Users\Timm\AppData\Local\Temp\SimPack.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 7af87d16-7eab-11df-b017-6cf049546794 Error - 23.06.2010 06:00:07 | Computer Name = Disturbed-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Timm\Downloads\SoftonicDownloader47683.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Error - 23.06.2010 06:02:36 | Computer Name = Disturbed-PC | Source = Application Hang | ID = 1002 Description = Programm metro2033.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 720 Startzeit: 01cb12bb1a470ab3 Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\METRO 2033\metro2033.exe Berichts-ID: 639bcfd7-7eae-11df-b017-6cf049546794 Error - 23.06.2010 06:21:31 | Computer Name = Disturbed-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: metro2033.exe, Version: 1.0.0.1, Zeitstempel: 0x4b912b1f Name des fehlerhaften Moduls: metro2033.exe, Version: 1.0.0.1, Zeitstempel: 0x4b912b1f Ausnahmecode: 0xc0000005 Fehleroffset: 0x003e4f0f ID des fehlerhaften Prozesses: 0x904 Startzeit der fehlerhaften Anwendung: 0x01cb12bdd4f60554 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\METRO 2033\metro2033.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\METRO 2033\metro2033.exe Berichtskennung: 170a9926-7eb1-11df-b017-6cf049546794 Error - 25.06.2010 16:38:58 | Computer Name = Disturbed-PC | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 26.06.2010 06:26:18 | Computer Name = Disturbed-PC | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 27.06.2010 11:11:50 | Computer Name = Disturbed-PC | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) [ System Events ] Error - 23.06.2010 06:44:11 | Computer Name = Disturbed-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 25.06.2010 17:23:48 | Computer Name = Disturbed-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 27.06.2010 11:20:37 | Computer Name = Disturbed-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 27.06.2010 11:20:38 | Computer Name = Disturbed-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 27.06.2010 15:54:46 | Computer Name = Disturbed-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 27.06.2010 15:54:46 | Computer Name = Disturbed-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.06.2010 07:05:10 | Computer Name = Disturbed-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 28.06.2010 07:05:10 | Computer Name = Disturbed-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 29.06.2010 15:50:33 | Computer Name = Disturbed-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 30.06.2010 13:37:28 | Computer Name = Disturbed-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?30.?06.?2010 um 19:06:05 unerwartet heruntergefahren. < End of report > bei Gmer tritt bei jedem Öffnen und Scannen ein Fehler auf, es scannt zwar aber findet nichts, ein logfile erstellt es auch nicht. |
|
|
||
03.07.2010, 23:27
Member
Beiträge: 420 |
#4
Hi,
auf den ersten Blick sieht das Ganze ganz gut aus, allerdings bin ich grad etwas "mitgenommen" vom Deutschlandspiel. Ich werde mir das morgen etwas genauer ansehen. Könntest Du bitte in der Zwischenzeit: 1. Malwarebytes war veraltet, wir sind mittlerweile bei Versiom 4272. Bitte aktualisieren lassen und einen erneuten Quick Scan durchführen. Poste bitte das Log, falls etwas gefunden wurde. 2. Gmer will auf 64-Bit Systemen manchmal nicht so recht. Mache bitte ein Scan mit Sophos Anti-Rootkit http://www.sophos.de/products/free-tools/sophos-anti-rootkit.html Es ist leider eine Registrierung notwendig, aber es ist kostenlos, man kriegt keine Werbung oder sonstiges, also keine Angst Nach der Installation bitte auf Start Scan klicken und das Log posten. 3. Könntest du bitte die Crack bzw. Keygen Datei von diesem Programm hier: C:\Users\Timm\Desktop\DS Cracked bei VirusTotal [url] http://www.virustotal.com/de/[/url] hochladen? 99,9% aller Cracks und Keygens sind verseucht, es wäre gut zu wissen, womit wir es ggf. zu tun haben. Gruß gangren |
|
|
||
03.07.2010, 23:55
Member
Beiträge: 21 |
#5
Zitat gangren posteteSTOP ! Frage: das ist doch wohl nicht erlaubt, jemandem zu helfen, der solche Sachen auf dem Rechner hat??! Oder lebe ich hinterm Mond? Oder verstehe ich da etwas falsch? |
|
|
||
04.07.2010, 01:01
Moderator
Beiträge: 5694 |
#6
Zitat gangren posteteWeiterer Support fraglich Die Nutzung von Cracks, Keygens und/oder Patchs, die das Ziel haben, Bezahlsoftware ohne Bezahlung nutzbar zu machen, ist illegal und wir haben uns darauf geeinigt, dass wir uns nicht der Beihilfe schuldig machen werden. Dieses Forum unterliegt deutschen Gesetzen und die sind diesbezüglich sehr streng. Dass Cracks und Keygens im Wesentlichen dazu dienen, um auf den Computern Malware und Backdoors unterzubringen, ist kein Geheimnis und muss jedem klar sein. Du hast jetzt zwei Möglichkeiten: Entweder Du entfernst konsequent und rückstandlos jede Software, die auf diese Weise genutzt wird und verzichtest in Zukunft darauf, oder ich stelle den Support an dieser Stelle komplett ein. |
|
|
||
04.07.2010, 15:20
...neu hier
Themenstarter Beiträge: 7 |
#7
Oh, Sorry der Ornder DS Cracked enthält keinerlei Crackdateien, den hab ich nur so genannt, weil da NDS Dateien drinnen sind die ich dann per Emulator aufm Computer starten kann .
|
|
|
||
04.07.2010, 16:20
...neu hier
Themenstarter Beiträge: 7 |
#8
Hier zum neuen logfile:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4274 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 04.07.2010 16:19:33 mbam-log-2010-07-04 (16-19-33).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 131530 Laufzeit: 2 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
|
||
04.07.2010, 16:41
Member
Beiträge: 420 |
#9
Dann habe ich falsch geraten.
Noch ein paar Worte zum Sophos - bitte damit nichts entfernen, sondern nur das Log posten. Log findet man, wenn man in der Adresszeile des Explorers (nicht IE, der normale Dateiexplorer von Windows) %temp% eingibt und nach der Datei namens sarscan.log sucht. |
|
|
||
05.07.2010, 00:15
...neu hier
Themenstarter Beiträge: 7 |
#10
So hier :
Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc Started logging on 04.07.2010 at 23:49:51 User "Timm" on computer "DISTURBED-PC" Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Info: Starting disk scan of C: (NTFS). Hidden: file C:\Users\Timm\AppData\Roaming\SecuROM\UserData\???????????p????????? Hidden: file C:\Windows\System32\drivers\sptd.sys Hidden: file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Command and Conquer(TM) Generäle Die Stunde Null \Command & Conquer Generäle Die Stunde Null .lnk Hidden: file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Command and Conquer(TM) Generäle Die Stunde Null \Command & Conquer Generäle Die Stunde Null-Readme.lnk Hidden: file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Command and Conquer(TM) Generäle Die Stunde Null \System-Info.lnk Hidden: file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Command and Conquer(TM) Generäle Die Stunde Null \Elektronische Registrierung.lnk Hidden: file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Command and Conquer(TM) Generäle Die Stunde Null \Technischer Kundendienst.lnk Hidden: file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Command and Conquer(TM) Generäle Die Stunde Null \Command & Conquer Generäle Die Stunde Null deinstallieren.lnk Hidden: file C:\Users\Timm\AppData\Roaming\SecuROM\UserData\???????????p????????? Info: Starting disk scan of G: (NTFS). Stopped logging on 05.07.2010 at 00:13:59 |
|
|
||
05.07.2010, 23:47
Member
Beiträge: 420 |
#11
Ok,
starte bitte OTL, kopiere unten in das Scriptfeld rein: Zitat :OTLund klicke auf Run Fix. Ein Neustart wird unter Umständen benötigt. Ist jetzt reine Prophylaxe, in den Logs ist nichts zu entdecken. Hast Du irgendetwas installiert, als der PC langsam wurde? Unter Umständen hilft ein Treiber- oder sogar ein BIOS-Update, denn das hier Zitat Error - 27.06.2010 11:20:37 | Computer Name = Disturbed-PC | Source = Disk | ID = 262155deutet auf ein Teiber-Problem. So viele Programme wie möglich zu deinstallieren mit anschließender Defragmentierung wäre auch ein Versuch wert. So wie ich das sehe ist es jedenfalls kein Malware-Problem. Gruß, gangren |
|
|
||
07.07.2010, 01:23
...neu hier
Themenstarter Beiträge: 7 |
#12
Ok, erstmal danke.... Was denkst du welcher Treiber das sein könnte?
MFG |
|
|
||
07.07.2010, 17:41
...neu hier
Themenstarter Beiträge: 7 |
#13
Hab das Problem behoben, war ein fehlender Controllertreiber.
|
|
|
||
07.07.2010, 18:23
Member
Beiträge: 420 |
||
|
||
Seit ein paar tagen ist der PC deutlich langsamer geworden mein Antivirenprogramm Kaspersky Internet Security 2010 kann jedoch nichts finden.
Hier mal ein HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:26:46, on 02.07.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Timm\Downloads\HiJackThis204.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102572
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files (x86)\PHPNukeDE\tbPHPN.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10149 bytes
Ich bedanke mich schon mal für eure Hilfe