Home » Spyware & Browser Hijacker Support Forum » Virus,Computer sperrung durch Polizei. » Themenansicht
Virus,Computer sperrung durch Polizei. |
||
|---|---|---|
| #0
| ||
|
03.08.2012, 22:11
Member
Beiträge: 104 |
||
 
|
|
|
|
04.08.2012, 16:17
Moderator
Beiträge: 5694 |
#2
Herzlich Willkommen auf dem Protecus Forum
Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden. • Bitte arbeite alle Schritte der Reihe nach ab. • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben. • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst. • Bitte kein Crossposting (posten in mehreren Foren). • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert. • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst. • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten. Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 AntiVir - Funde rauskopieren Rechtsklick auf den AntiVir-Schirm in der Taskleiste => AntiVir starten => Übersicht => Ereignisse Typ anklicken, damit die Ereignisse nach Typart sortiert werden. Jeden Fund markieren (nicht alle Ereignisse, nur Funde) => Rechtsklick auf Funde => Ereignis(se) exportieren und als Ereignisse.txt auf dem Desktop speichern und den Inhalt hier posten. Schritt 2 Downloade Dir bitte Malwarebytes • Installiere das Programm in den vorgegebenen Pfad. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen. • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen. • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl. • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread. • Nachträglich kannst du den Bericht unter "Log Dateien" finden. Schritt 3 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop • Starte bitte die OTL.exe. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Kopiere nun den Inhalt in die  Textbox.Code activex• Schliesse bitte nun alle Programme. (Wichtig) • Klicke nun bitte auf den Quick Scan Button. • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread |
|
|
|
|
|
|
04.08.2012, 20:59
Member
Themenstarter Beiträge: 104 |
||
|
|
|
|
|
04.08.2012, 21:04
Member
Themenstarter Beiträge: 104 |
#4
Zu Schritt 2
Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.04.07 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 ChuckNorris :: CHUCKNORRIS-PC [Administrator] 04.08.2012 21:00:51 mbam-log-2012-08-04 (21-00-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 182482 Laufzeit: 1 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
|
|
|
|
|
04.08.2012, 21:13
Member
Themenstarter Beiträge: 104 |
#5
Zu Schritt 3
OTL.TXT OTL logfile created on: 04.08.2012 21:06:17 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\ChuckNorris\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 71,38% Memory free 6,50 Gb Paging File | 5,37 Gb Available in Paging File | 82,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 698,54 Gb Total Space | 573,65 Gb Free Space | 82,12% Space Free | Partition Type: NTFS Drive H: | 7,39 Gb Total Space | 7,33 Gb Free Space | 99,17% Space Free | Partition Type: FAT32 Computer Name: CHUCKNORRIS-PC | User Name: ChuckNorris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012.08.04 21:05:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ChuckNorris\Downloads\OTL.exe PRC - [2012.06.10 18:49:52 | 000,924,640 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.09.28 15:51:26 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.09.28 15:50:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.11.05 03:44:30 | 001,698,304 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012.06.10 18:49:52 | 001,911,776 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.03.11 22:40:20 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.09.30 22:36:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.04.12 16:59:06 | 000,430,080 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.09.02 03:28:04 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009.07.14 06:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Users\ChuckNorris\AppData\Local\Temp\7zS04C4\hpslpsvc32.dll -- (HPSLPSVC) SRV - [2012.06.21 19:33:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.08.15 15:35:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.28 15:50:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHUCKN~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) DRV - [2011.08.15 15:35:54 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.08.15 15:35:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.07.26 20:42:44 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.09.28 16:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.09.28 15:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.08.16 00:41:54 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.08 22:11:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.09.17 13:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 D0 6A 2B 42 45 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.de/" FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.03 22:38:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.16 19:26:59 | 000,000,000 | ---D | M] [2010.08.26 19:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Extensions [2012.06.17 22:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Firefox\Profiles\kcc2accf.default\extensions [2011.08.07 19:17:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Firefox\Profiles\kcc2accf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.17 22:39:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Firefox\Profiles\kcc2accf.default\extensions\battlefieldheroespatcher@ea.com [2011.07.26 20:42:42 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\ChuckNorris\AppData\Roaming\mozilla\Firefox\Profiles\kcc2accf.default\extensions\DTToolbar@toolbarnet.com [2011.07.26 20:42:38 | 000,002,055 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\searchplugins\daemon-search.xml [2011.08.16 20:01:40 | 000,002,342 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\searchplugins\icq-search.xml [2012.03.11 22:47:32 | 000,000,950 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\Mozilla\Firefox\Profiles\kcc2accf.default\searchplugins\icqplugin.xml [2012.03.17 18:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.10 18:49:52 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.10 03:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.10 03:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012.03.10 12:52:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] C:\Spiele\SEGA\Empire Total War\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\ChuckNorris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ChuckNorris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.03.21 16:06:58 | 000,059,310 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.07.29 21:02:18 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\AppData\Roaming\10001.071 [2012.07.29 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\AppData\Roaming\xmldm [2012.07.29 21:01:44 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\AppData\Roaming\kock [2012.07.18 13:47:00 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\Desktop\Die Toten Hosen --- Ballast - Der - Republik --- 2 [2012.07.18 13:39:36 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\Desktop\Club Magic Dance Charts - TOP 40 (04-2012) - TFG - [2012.07.18 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\Desktop\VA - Super Dance January (2012) 01 - Mix - Feat - [2012.07.18 13:21:07 | 000,000,000 | ---D | C] -- C:\Users\ChuckNorris\Desktop\Club Magic Dance Charts - TOP 40 (02-2012) - TFG - [1 C:\Users\ChuckNorris\AppData\Roaming\*.tmp files -> C:\Users\ChuckNorris\AppData\Roaming\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.08.04 20:57:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.04 20:08:42 | 001,942,285 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\Marathon.jpg [2012.08.04 20:08:30 | 007,227,484 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\Marathon.png [2012.08.04 19:48:24 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.04 19:48:24 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.04 19:48:24 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.04 19:48:24 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.04 19:39:05 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 19:39:05 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 19:37:10 | 006,305,748 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8137.JPG [2012.08.04 19:32:06 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.08.04 19:32:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.04 19:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 19:31:48 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys [2012.08.03 21:35:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.07.30 17:23:28 | 000,000,018 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\urhtps.dat [2012.07.29 23:05:09 | 000,000,034 | ---- | M] () -- C:\Users\ChuckNorris\AppData\Roaming\blckdom.res [2012.07.17 22:02:32 | 006,422,625 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8120.JPG [2012.07.17 22:01:24 | 006,390,593 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8112.JPG [2012.07.17 21:58:32 | 005,586,271 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8085.JPG [2012.07.17 21:54:04 | 006,392,346 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8111.JPG [2012.07.17 21:53:54 | 006,422,884 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8090.JPG [2012.07.17 21:53:44 | 006,318,232 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8089.JPG [2012.07.17 21:53:16 | 005,917,725 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8086.JPG [2012.07.17 21:53:00 | 006,935,908 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8074.JPG [2012.07.17 21:52:50 | 006,127,284 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8073.JPG [2012.07.17 21:52:40 | 006,128,718 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8072.JPG [2012.07.17 21:52:32 | 006,500,620 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8116.JPG [2012.07.17 21:52:22 | 006,340,620 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8115.JPG [2012.07.17 21:51:24 | 006,589,834 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8069.JPG [2012.07.17 21:50:46 | 006,307,091 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8068.JPG [2012.07.17 21:49:30 | 006,257,962 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8067.JPG [2012.07.17 21:48:22 | 006,280,466 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8066.JPG [2012.07.17 21:48:10 | 006,132,829 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8065.JPG [2012.07.17 21:47:36 | 006,084,269 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8064.JPG [2012.07.17 21:47:06 | 006,154,978 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8063.JPG [2012.07.17 21:46:48 | 005,882,277 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8060.JPG [2012.07.17 21:46:32 | 006,567,439 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8059.JPG [2012.07.16 17:40:34 | 006,644,937 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8119.JPG [2012.07.16 17:40:20 | 006,110,435 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8117.JPG [2012.07.16 17:38:56 | 005,987,763 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8110.JPG [2012.07.16 17:38:48 | 006,750,163 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8109.JPG [2012.07.16 17:38:40 | 006,969,025 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8108.JPG [2012.07.16 15:25:38 | 005,794,709 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8107.JPG [2012.07.16 15:25:28 | 004,951,439 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8106.JPG [2012.07.16 15:25:18 | 006,435,433 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8105.JPG [2012.07.16 15:24:28 | 006,497,999 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8104.JPG [2012.07.16 15:24:06 | 006,195,843 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8100.JPG [2012.07.16 15:23:56 | 006,382,848 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8099.JPG [2012.07.16 15:23:48 | 006,448,752 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8098.JPG [2012.07.16 15:23:38 | 006,343,612 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8097.JPG [2012.07.16 15:23:24 | 006,147,775 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8095.JPG [2012.07.16 15:23:16 | 005,707,627 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8094.JPG [2012.07.16 15:22:48 | 006,517,139 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8093.JPG [2012.07.16 15:22:38 | 006,644,376 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8092.JPG [2012.07.16 15:22:28 | 006,262,576 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8091.JPG [2012.07.16 15:16:02 | 006,643,595 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8084.JPG [2012.07.16 15:15:46 | 006,620,730 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8081.JPG [2012.07.16 15:15:28 | 006,548,374 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8079.JPG [2012.07.16 15:14:58 | 006,653,378 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8075.JPG [2012.07.16 15:09:54 | 006,285,039 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8071.JPG [2012.07.16 15:09:44 | 006,762,207 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8070.JPG [2012.07.16 11:18:06 | 005,592,146 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8062.JPG [2012.07.16 11:17:56 | 004,781,253 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\CIMG8061.JPG [2012.07.15 16:23:26 | 000,741,660 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\C360_2012-06-02-15-24-08.jpg [2012.07.13 16:44:59 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad [2012.07.13 16:42:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.07.13 16:32:08 | 000,005,676 | ---- | M] () -- C:\Users\Public\Documents\cc_20120713_163206.reg [2012.07.08 17:41:23 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.06 17:20:04 | 000,214,471 | ---- | M] () -- C:\Users\ChuckNorris\Desktop\2012-07-06 15.20.05.jpg [1 C:\Users\ChuckNorris\AppData\Roaming\*.tmp files -> C:\Users\ChuckNorris\AppData\Roaming\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.08.04 20:08:41 | 001,942,285 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\Marathon.jpg [2012.08.04 20:08:30 | 007,227,484 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\Marathon.png [2012.08.04 19:37:08 | 006,305,748 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8137.JPG [2012.07.31 23:17:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.30 17:23:28 | 000,000,018 | ---- | C] () -- C:\Users\ChuckNorris\AppData\Roaming\urhtps.dat [2012.07.29 21:01:56 | 000,000,034 | ---- | C] () -- C:\Users\ChuckNorris\AppData\Roaming\blckdom.res [2012.07.17 19:06:32 | 006,422,625 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8120.JPG [2012.07.16 17:40:32 | 006,644,937 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8119.JPG [2012.07.16 17:40:18 | 006,110,435 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8117.JPG [2012.07.16 17:40:10 | 006,500,620 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8116.JPG [2012.07.16 17:39:56 | 006,340,620 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8115.JPG [2012.07.16 17:39:38 | 006,390,593 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8112.JPG [2012.07.16 17:39:30 | 006,392,346 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8111.JPG [2012.07.16 17:38:56 | 005,987,763 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8110.JPG [2012.07.16 17:38:46 | 006,750,163 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8109.JPG [2012.07.16 17:38:38 | 006,969,025 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8108.JPG [2012.07.16 15:25:36 | 005,794,709 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8107.JPG [2012.07.16 15:25:28 | 004,951,439 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8106.JPG [2012.07.16 15:25:18 | 006,435,433 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8105.JPG [2012.07.16 15:24:28 | 006,497,999 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8104.JPG [2012.07.16 15:24:06 | 006,195,843 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8100.JPG [2012.07.16 15:23:54 | 006,382,848 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8099.JPG [2012.07.16 15:23:46 | 006,448,752 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8098.JPG [2012.07.16 15:23:36 | 006,343,612 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8097.JPG [2012.07.16 15:23:24 | 006,147,775 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8095.JPG [2012.07.16 15:23:14 | 005,707,627 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8094.JPG [2012.07.16 15:22:48 | 006,517,139 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8093.JPG [2012.07.16 15:22:36 | 006,644,376 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8092.JPG [2012.07.16 15:22:26 | 006,262,576 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8091.JPG [2012.07.16 15:21:48 | 006,422,884 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8090.JPG [2012.07.16 15:21:36 | 006,318,232 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8089.JPG [2012.07.16 15:21:10 | 005,917,725 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8086.JPG [2012.07.16 15:16:56 | 005,586,271 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8085.JPG [2012.07.16 15:16:00 | 006,643,595 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8084.JPG [2012.07.16 15:15:44 | 006,620,730 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8081.JPG [2012.07.16 15:15:28 | 006,548,374 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8079.JPG [2012.07.16 15:14:56 | 006,653,378 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8075.JPG [2012.07.16 15:10:24 | 006,935,908 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8074.JPG [2012.07.16 15:10:10 | 006,127,284 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8073.JPG [2012.07.16 15:10:04 | 006,128,718 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8072.JPG [2012.07.16 15:09:52 | 006,285,039 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8071.JPG [2012.07.16 15:09:44 | 006,762,207 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8070.JPG [2012.07.16 15:09:32 | 006,589,834 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8069.JPG [2012.07.16 15:09:16 | 006,307,091 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8068.JPG [2012.07.16 15:08:56 | 006,257,962 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8067.JPG [2012.07.16 15:08:44 | 006,280,466 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8066.JPG [2012.07.16 11:32:48 | 006,132,829 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8065.JPG [2012.07.16 11:32:44 | 006,084,269 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8064.JPG [2012.07.16 11:32:28 | 006,154,978 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8063.JPG [2012.07.16 11:18:04 | 005,592,146 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8062.JPG [2012.07.16 11:17:56 | 004,781,253 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8061.JPG [2012.07.16 11:17:50 | 005,882,277 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8060.JPG [2012.07.16 11:17:44 | 006,567,439 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\CIMG8059.JPG [2012.07.15 16:24:44 | 000,741,660 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\C360_2012-06-02-15-24-08.jpg [2012.07.13 16:32:07 | 000,005,676 | ---- | C] () -- C:\Users\Public\Documents\cc_20120713_163206.reg [2012.07.13 16:25:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.07.10 06:43:45 | 000,214,471 | ---- | C] () -- C:\Users\ChuckNorris\Desktop\2012-07-06 15.20.05.jpg [2012.07.06 20:29:22 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.05.25 21:47:58 | 000,003,584 | ---- | C] () -- C:\Users\ChuckNorris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.09 19:34:30 | 000,000,156 | ---- | C] () -- C:\Users\ChuckNorris\defogger_reenable [2011.09.12 20:43:06 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2011.07.31 20:35:35 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.07.31 20:35:35 | 000,138,056 | ---- | C] () -- C:\Users\ChuckNorris\AppData\Roaming\PnkBstrK.sys [2011.07.31 20:35:16 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.07.31 20:35:15 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.07.31 20:35:15 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.07.28 21:58:55 | 000,000,317 | ---- | C] () -- C:\Windows\doom3.ini [2010.08.19 18:23:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.08.19 18:21:59 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.08.19 18:16:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.08.11 03:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.07.14 03:16:20 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbeoldnamia.dat [color=#E56717]========== LOP Check ==========[/color] [2012.08.03 22:38:39 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\10001.071 [2011.08.30 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Acoustica [2011.10.07 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Ashampoo [2012.05.01 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\avidemux [2012.07.13 16:31:36 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\BitTorrent [2011.10.08 20:18:11 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\DAEMON Tools Lite [2012.08.04 20:10:02 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Dropbox [2012.05.01 20:49:29 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoft [2011.08.07 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.04 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\HDRsoft [2012.04.01 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\ICQ [2012.05.25 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\IrfanView [2012.07.29 21:01:44 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\kock [2011.10.30 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Micrografx [2011.09.25 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\NCH Swift Sound [2012.02.04 22:09:07 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Nyogma [2011.08.21 12:00:03 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\PTGui [2011.09.25 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\Sony [2012.01.12 21:31:35 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\The Creative Assembly [2012.07.31 21:31:26 | 000,000,000 | ---D | M] -- C:\Users\ChuckNorris\AppData\Roaming\xmldm [2012.04.19 16:55:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color] [2012.03.10 12:53:13 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.08.19 18:12:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.08.03 21:52:45 | 000,000,000 | R--D | M] -- C:\Program Files [2012.08.03 22:38:35 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.08.19 18:12:04 | 000,000,000 | -HSD | M] -- C:\Programme [2010.08.19 18:12:04 | 000,000,000 | ---D | M] -- C:\Recovery [2012.03.24 11:52:54 | 000,000,000 | ---D | M] -- C:\Spiele [2012.08.04 21:07:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.08.19 18:12:10 | 000,000,000 | R--D | M] -- C:\Users [2012.08.03 22:38:41 | 000,000,000 | ---D | M] -- C:\Windows [color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] [color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\ERDNT\cache\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] < End of report > EXTRAS.TXT OTL Extras logfile created on: 04.08.2012 21:06:17 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\ChuckNorris\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 71,38% Memory free 6,50 Gb Paging File | 5,37 Gb Available in Paging File | 82,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 698,54 Gb Total Space | 573,65 Gb Free Space | 82,12% Space Free | Partition Type: NTFS Drive H: | 7,39 Gb Total Space | 7,33 Gb Free Space | 99,17% Space Free | Partition Type: FAT32 Computer Name: CHUCKNORRIS-PC | User Name: ChuckNorris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06B8CABA-D8AD-4CEC-AC29-EB3AC83CC06C}" = rport=137 | protocol=17 | dir=out | app=system | "{273BACE4-1733-4A29-923D-E4AA4583583E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{284D0A8F-E7C0-43A2-8DB1-695F3E726A1C}" = rport=139 | protocol=6 | dir=out | app=system | "{28DE3A72-AED6-411D-9FED-834745D0FEB5}" = lport=2869 | protocol=6 | dir=in | app=system | "{300299CC-DC96-497C-8B1D-EB5AA5354BD2}" = rport=2869 | protocol=6 | dir=out | app=system | "{3E207E49-DECC-490D-B67E-E37F63DA2480}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{49B75811-CB2F-40B8-BDCC-35B7BEB470B6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{52ECF74C-9C4C-4AF5-94F1-BAFC1A970CFF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{542B5A9E-1EA7-4DFF-94F4-F4F5C4F083E3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{73D013D4-E585-43E5-AFB2-EF83D07A14B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F54803D-72FE-422D-AF5D-8ADB775B8AD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A3158CD0-6551-469D-A0E5-A76651D97BE5}" = lport=138 | protocol=17 | dir=in | app=system | "{ADCCDAF7-1C55-4405-9414-8EA5BECCA02F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF2CB501-0563-4AC1-B01C-573D78DA8FB8}" = lport=137 | protocol=17 | dir=in | app=system | "{E05A7A53-15E1-4803-B47C-0A6FDCE3100A}" = lport=445 | protocol=6 | dir=in | app=system | "{F26C2858-7EEB-4333-81A6-04153462EC55}" = rport=138 | protocol=17 | dir=out | app=system | "{F62DE2FE-7CE7-45FF-A1CE-8588C7B98F8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FAA7A3B5-E8D5-4713-BAB1-9EB01E7180C6}" = lport=139 | protocol=6 | dir=in | app=system | "{FBD69C24-ADFB-4E0F-B03E-7668FB4F9F2B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FF2A01F0-C69D-4D4C-BE26-A455FD6FCFE9}" = rport=445 | protocol=6 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11DD7B2D-1F9E-4BB7-A205-764EA9A0F0E0}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{2F7F46F8-6722-4F68-8627-FA5BE3C1BA9F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{376B1AFC-466D-4EEA-91B5-A8B98EAAFB36}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3B920585-E237-4EB7-A885-3A1B2B7253E5}" = protocol=6 | dir=in | app=c:\spiele\sega\empire total war\steamapps\common\empire total war\empire.exe | "{3E5A3052-CA3B-4B77-AE97-022CC4779219}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{4AF7C4A9-0EBF-4B1B-835D-DAD971A82309}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "{4F8013F3-44AE-4A4B-84D9-00396A056586}" = protocol=6 | dir=in | app=c:\spiele\ea games\battlefield 2\bf2.exe | "{5E342122-2033-404B-B917-7117EBF92BEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{61AC1B68-094F-40FD-9EF6-9844AFF5E0C7}" = protocol=17 | dir=in | app=c:\spiele\ea games\battlefield 2\bf2.exe | "{64700FB4-7AE1-4D01-9E1C-BFD5330F4846}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7D4F316D-AA14-4330-8FD1-405C043D8ED1}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{814F06DE-64F6-47DF-B9A2-2EBF7CCDAF52}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8573654E-8A73-4CC5-9C8A-90BA71995D4E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{9B02F3D3-29EB-47A9-B0D0-EC98961D3A91}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{9BAD72B6-6D36-4E88-8085-F9C45EAF2246}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A4435415-155B-4269-B793-E4EB25EF4EBF}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{B0AB13E7-EEDB-4CEA-9A7E-E4F9F496BA1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{B30462CD-6737-4417-981E-08355FFA9A1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B53EADC6-C861-48BB-A45C-5F7A93E23742}" = protocol=17 | dir=in | app=c:\spiele\sega\empire total war\steamapps\common\empire total war\empire.exe | "{C7841AB8-419E-4A7E-BB73-12F639EC2A18}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{CB891E48-7489-440F-838A-4CFFFC1A02DF}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{D3EF25F2-1AE4-48AD-A05D-FED0C02B20B4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E026E921-4F54-4C63-A31F-766BA61A256B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{E60B03AB-51E3-4F47-A2F2-3074C9BEE2BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F5810951-9A72-4D83-A1E9-449215042C86}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "{F66D0FA9-7F3C-415F-B809-82B672424CEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{43693C69-06AC-460E-8C04-1D0AAEA6E35A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{4B628D84-8C2F-49E6-8C74-9B56BBE336D2}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{5BF8E5AC-E006-4B75-B969-D98C95FB867B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{69F224B9-0B2B-4201-98C7-488F6E51FD3F}C:\spiele\ubisoft\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=c:\spiele\ubisoft\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | "UDP Query User{34541CED-AD19-4C76-B83D-4B5FF9900EF2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3D27541E-DF16-4802-8663-62952EC4AD87}C:\spiele\ubisoft\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=c:\spiele\ubisoft\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | "UDP Query User{499B25B9-8470-4B0B-B64E-D154005768E3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{CB2B175C-B183-45FC-8046-9F98CBE8428A}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All "{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22E05721-B122-F1A6-7EB2-3A61CA382464}" = ccc-utility "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05 "{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5 "{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0 "{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists "{62FB969D-0AF7-3AA1-A901-5C33DC921356}" = ATI AVIVO Codecs "{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver "{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946 "{865F8014-4DED-B63D-832A-3FB08FC38479}" = ATI Catalyst Install Manager "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B76E1251-5ACA-AAB7-518D-17DC63282D23}" = Catalyst Control Center InstallProxy "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "Acoustica Effects Pack" = Acoustica Effects Pack "Acoustica Mixcraft 3.1" = Acoustica Mixcraft 3.1 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ashampoo Burning Studio 7_is1" = Ashampoo Burning Studio 7 "Avidemux 2.5" = Avidemux 2.5 (32-bit) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Eufloria_is1" = Eufloria v2.07 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.22.804 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.8.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 10.0.5 (x86 en-US)" = Mozilla Firefox 10.0.5 (x86 en-US) "Mumble(PR Edition)" = Mumble(PR edition) and Murmur(PR edition) "PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9 "Project Reality: BF2 (pr)_is1" = Project Reality: BF2 "PTGui" = PTGui Pro Trial 9.0.4 "PunkBusterSvc" = PunkBuster Services "Secunia PSI" = Secunia PSI (2.0.0.4003) "Steam App 10500" = Empire: Total War "WavePad" = WavePad Sound Editor "WinRAR archiver" = WinRAR 4.01 (32-Bit) [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 20.07.2012 13:06:06 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x011aa8ed ID des fehlerhaften Prozesses: 0xae0 Startzeit der fehlerhaften Anwendung: 0x01cd6699f33022b1 Pfad der fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 30e3d1b2-d28d-11e1-b10f-d027883e92b0 Error - 20.07.2012 13:06:14 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x007ea8ed ID des fehlerhaften Prozesses: 0xf0c Startzeit der fehlerhaften Anwendung: 0x01cd6699f8227ec2 Pfad der fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 35d62dc3-d28d-11e1-b10f-d027883e92b0 Error - 20.07.2012 13:06:36 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0147a8ed ID des fehlerhaften Prozesses: 0x674 Startzeit der fehlerhaften Anwendung: 0x01cd669a0515ee45 Pfad der fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 42c99d46-d28d-11e1-b10f-d027883e92b0 Error - 20.07.2012 13:07:00 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bcb63 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00caa8ed ID des fehlerhaften Prozesses: 0xe60 Startzeit der fehlerhaften Anwendung: 0x01cd669a135a76db Pfad der fehlerhaften Anwendung: C:\Windows\system32\mfpmp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 511549fd-d28d-11e1-b10f-d027883e92b0 Error - 29.07.2012 15:07:49 | Computer Name = ChuckNorris-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: i_view32.exe, Version: 4.3.3.0, Zeitstempel: 0x4f717ea9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x019947b9 ID des fehlerhaften Prozesses: 0x177c Startzeit der fehlerhaften Anwendung: 0x01cd6dbd716c9ab0 Pfad der fehlerhaften Anwendung: C:\Program Files\IrfanView\i_view32.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: afed0313-d9b0-11e1-8814-d027883e92b0 Error - 31.07.2012 17:18:45 | Computer Name = ChuckNorris-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 10.0.6.4577 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e40 Startzeit: 01cd6f4eb0fb9caa Endzeit: 31 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: Error - 03.08.2012 15:40:02 | Computer Name = ChuckNorris-PC | Source = Avira AntiVir | ID = 4110 Description = An unknown error occurred during init of the engine! Returned error code: 0x35 Error - 03.08.2012 15:40:02 | Computer Name = ChuckNorris-PC | Source = Avira AntiVir | ID = 4117 Description = The keyfile contains no valid license. The service will be stopped! Error - 04.08.2012 13:32:01 | Computer Name = ChuckNorris-PC | Source = Avira AntiVir | ID = 4110 Description = An unknown error occurred during init of the engine! Returned error code: 0x35 Error - 04.08.2012 13:32:01 | Computer Name = ChuckNorris-PC | Source = Avira AntiVir | ID = 4117 Description = The keyfile contains no valid license. The service will be stopped! [ System Events ] Error - 03.08.2012 15:34:06 | Computer Name = ChuckNorris-PC | Source = ipnathlp | ID = 31004 Description = Error - 03.08.2012 15:34:06 | Computer Name = ChuckNorris-PC | Source = ipnathlp | ID = 31004 Description = Error - 03.08.2012 15:35:45 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error - 03.08.2012 15:40:03 | Computer Name = ChuckNorris-PC | Source = ipnathlp | ID = 34001 Description = Error - 03.08.2012 15:42:02 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error - 03.08.2012 15:54:16 | Computer Name = ChuckNorris-PC | Source = ipnathlp | ID = 31004 Description = Error - 04.08.2012 13:32:03 | Computer Name = ChuckNorris-PC | Source = ipnathlp | ID = 34001 Description = Error - 04.08.2012 13:34:03 | Computer Name = ChuckNorris-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error - 04.08.2012 14:09:45 | Computer Name = ChuckNorris-PC | Source = ipnathlp | ID = 31004 Description = Error - 04.08.2012 15:09:45 | Computer Name = ChuckNorris-PC | Source = ipnathlp | ID = 34001 Description = < End of report > |
|
|
|
|
|
|
06.08.2012, 13:11
Moderator
Beiträge: 5694 |
#6
ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten. Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten. • Dein Anti-Virus-Programm während des Scans deaktivieren. Button  (<< klick) drücken.• Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren. • IE-User: müssen das Installieren eines ActiveX Elements erlauben. • Setze den einen Hacken bei Yes, i accept the Terms of Use. • Drücke den  Button.• Warte bis die Komponenten herunter geladen wurden. • Setze einen Haken bei "Scan archives". • Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist. • drücken.• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.Wenn der Scan beendet wurde • Klicke  .• Klicke  und speichere das Logfile als ESET.txt auf dem Desktop.• Klicke Back und Finish Bitte poste die Logfile hier. |
|
|
|
|
|
|
06.08.2012, 18:48
Member
Themenstarter Beiträge: 104 |
#7
ESET
C:\Users\ChuckNorris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6c9cfcb-4702d9eb Java/Exploit.CVE-2012-1723.E trojan C:\Users\ChuckNorris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\52cd707f-25e56e80 Java/Exploit.CVE-2012-1723.Y trojan |
|
|
|
|
|
|
08.08.2012, 13:38
Moderator
Beiträge: 5694 |
#8
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
• Downloade dir bitte die neueste Java-Version von hier • Speichere die jxpiinstall.exe• Schließe alle laufenden Programme. Speziell deinen Browser. • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version herunter laden. • Wenn die installation beendet wurde Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen. • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden. Nach dem Neustart • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol. • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen. • Klicke auf Dateien löschen.... • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK. • Klicke erneut OK. |
|
|
|
|
|
|
09.08.2012, 21:34
Member
Themenstarter Beiträge: 104 |
#9
Ok erledigt
|
|
|
|
|
|
|
10.08.2012, 00:05
Moderator
Beiträge: 5694 |
#10
Noch Probleme?
|
|
|
|
|
|
|
13.08.2012, 21:55
Member
Themenstarter Beiträge: 104 |
||
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Ich komme direkt zum problem.
Ich war am surfen im web als sich auf einmal der Bildschirm mit einer Meldung von der Polizei füllte.
Angeblich wurden illegale inhalte auf meinem PC gefunden und wenn ich einen bestimmten Betrag überweisen würde, würde mein Pc wieder freigeschaltet werden.Mein Chef hatte letztens auf seinem Arbeits Laptop was ähnliches und er hat es bei einem Computerservic machen lassen. ihm wurde gesagt das es ein Virus sei.
Ich habe mit hilfe der systemwiederherstellung den pc auf einen vorherigen stand gebracht und alles ging wieder.Aber ich befürchte das das ding noch auf meinem Rechner ist.Ausserdem bekomme ich von Avira immer wieder Maleware gemeldet.
Schonmal danke für die hilfe.
MALEWAREBYTES
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.03.08
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
ChuckNorris :: CHUCKNORRIS-PC [Administrator]
03.08.2012 21:50:21
mbam-log-2012-08-03 (21-50-21).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 182341
Laufzeit: 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-03 22:06:08
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD7502AAEX-00Y9A0 rev.05.01D05
Running: si6y4ixs.exe; Driver: C:\Users\CHUCKN~1\AppData\Local\Temp\pxtdqpoc.sys
---- System - GMER 1.0.15 ----
SSDT 902B7696 ZwCreateSection
SSDT 902B769B ZwSetContextThread
SSDT 902B7637 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7F579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82CAB840 4 Bytes [96, 76, 2B, 90] {XCHG ESI, EAX; JBE 0x2e; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82CABBE0 4 Bytes [9B, 76, 2B, 90] {WAIT ; JBE 0x2e; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CABCB8 4 Bytes [37, 76, 2B, 90] {AAA ; JBE 0x2e; NOP }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93E0F000, 0x349D76, 0xE8000020]
.text peauth.sys 81F5FC9D 28 Bytes [8F, 72, EE, D5, EA, C1, 27, ...]
.text peauth.sys 81F5FCC1 28 Bytes [8F, 72, EE, D5, EA, C1, 27, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] ntdll.dll!LdrLoadDll 76EAF585 5 Bytes JMP 60641090 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!SetWindowLongA 7578B1E3 5 Bytes JMP 60A184F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!SetWindowLongW 75796614 5 Bytes JMP 60A18487 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!GetWindowInfo 75796A82 5 Bytes JMP 607B9CC3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3992] USER32.dll!TrackPopupMenu 757B4B3B 5 Bytes JMP 607BA277 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 1264
---- Files - GMER 1.0.15 ----
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\3\99\6D79Ed01 2877 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\3\5D\10314d01 2049 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\4\86\BE905d01 0 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\5\9E\38042d01 3041 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\8\C4\E42F7d01 10473 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\8\E3\77042d01 7111 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\9\1B\2C244d01 4396 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\9\1E\8D20Bd01 9231 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\9\E4\FAB6Ed01 8862 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\A\10\0FAA4m01 3884 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\A\E7\62400m01 4734 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\C\24\0F7ECd01 0 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\C\89\DF93Dd01 0 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\C\98\64486d01 0 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\C\9B\139DFd01 0 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\C\42\104B0m01 0 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\02\F8D43m01 5030 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\1B\DED0Bm01 2178 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\74\2A9DAd01 17986 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\74\2A9DAm01 3915 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\79\66D14d01 3805 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\79\66D14m01 2944 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\C2\A3BACm01 2972 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\2F\E350Fd01 0 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\2F\E350Fm01 3884 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\D8\3E9C1d01 6965 bytes
File C:\Users\ChuckNorris\AppData\Local\Mozilla\Firefox\Profiles\kcc2accf.default\Cache\F\D8\3E9C1m01 3934 bytes
File C:\Windows\System32\drivers\mbamswissarmy.sys 0 bytes
---- EOF - GMER 1.0.15 ----
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:09:35, on 03.08.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\ChuckNorris\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\ChuckNorris\Downloads\HiJackThis204.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Spiele\SEGA\Empire Total War\Steam.exe" -silent
O4 - Startup: Dropbox.lnk = C:\Users\ChuckNorris\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ChuckNorris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD44FAD-390E-4731-8C65-3A4BA4A9201F}: NameServer = 213.191.92.87 62.109.123.6
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 5483 bytes
UNINSTALL
3DMark05
Acoustica Effects Pack
Acoustica Mixcraft 3.1
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3) - Deutsch
ArcSoft Panorama Maker 5
Ashampoo Burning Studio 7
ATI AVIVO Codecs
ATI Catalyst Install Manager
Avidemux 2.5 (32-bit)
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
Battlefield Heroes
Call of Duty(R) 4 - Modern Warfare(TM)
Catalyst Control Center - Branding
CCleaner
DAEMON Tools Lite
DAEMON Tools Toolbar
Doom 3
Empire: Total War
Eufloria v2.07
Free Video to DVD Converter version 1.6.22.804
Free YouTube to MP3 Converter version 3.10.6.727
Futuremark SystemInfo
Google Earth
Google Update Helper
ICQ7.5
IL-2 Sturmovik 1946
IrfanView (remove only)
IsoBuster 2.8.5
Java(TM) 6 Update 31
Malwarebytes Anti-Malware Version 1.62.0.1300
McAfee Security Scan Plus
Medieval II Total War
Microsoft Picture It! Foto 7.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 10.0.5 (x86 en-US)
MSVCRT Redists
Mumble(PR edition) and Murmur(PR edition)
NVIDIA PhysX v8.04.25
Oxin's Style! 3D Sexvilla 2.058.002
Photomatix Pro version 3.2.9
Project Reality: BF2
PTGui Pro Trial 9.0.4
PunkBuster Services
Realtek Ethernet Controller Driver For Windows Vista and Later
Secunia PSI (2.0.0.4003)
Silent Hunter 4 Wolves of the Pacific
Skype™ 5.5
Steam
VIA Plattform-Geräte-Manager
WavePad Sound Editor
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-Bit)
WinZip 16.0