
Log analysis and evaluation: Important! Black screen, hard disk damaged (allegedly)

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.06.2011, 11:37   #1
Taifahrer

Hi everyone, since I will probably only be here because of this virus/trojan, please excuse any mistakes I make in not following the "search first, then post" rule or posting in the "wrong category" :/

As the title already says, I have a virus, or 4 to be exact. I browsed around here a bit and got Malwarebytes, ran a scan and it found four:
- Trojan Dropper
- Hijack Display Properties
- Hijack Taskmanager 2x

I removed them, and the screen is still black and Task Manager still cannot be opened. All icons on the screen are gone and the wallpaper too, also to the left next to the start symbol; only on the right of the taskbar, where the clock is, are the autorun programs such as AntiVir, ICQ etc.

Here is my report from Malwarebytes:
Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

14.06.2011 12:27:58
mbam-log-2011-06-14 (12-27-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 121819
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Jerre\AppData\Local\Temp\0.4222761047209177.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

14.06.2011, 11:48   #2
Taifahrer

What I should also mention is that on restart "Windows Vista Restore" comes up immediately to fix the problem. It always finds "4 critical errors" but cannot fix them; instead it points to the premium version, which costs money and which could then fix them. To me that sounds as if the virus wants me to remove it, or rather that all of this is part of the virus...


14.06.2011, 12:02   #3
markusg
/// Malware-holic

Hello,
that is part of it; whatever you do, do not buy it.
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(users of Windows 7 and Vista: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both, in safe mode if necessary, in case it does not work; it can be reached by pressing F8 at PC start

14.06.2011, 12:12   #4
Taifahrer

OK, I'm on it right now! I will post it straight away, thanks in advance!

14.06.2011, 12:24   #5
Taifahrer

Here are both:
[quote]OTL: OTL Logfile:
Code:
OTL logfile created on: 14.06.2011 13:09:17 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = c:\Users\Jerre\Downloads
Windows Vista Ultimate Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,88% Memory free
6,67 Gb Paging File | 5,39 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 670,98 Gb Free Space | 72,03% Space Free | Partition Type: NTFS
 
Computer Name: JERRE-PC | User Name: Jerre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Jerre\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\34922256.exe (Microsoft Corporation)
PRC - C:\ProgramData\lKMwrmNWsXvp.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\SystemPropertiesProtection.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\Jerre\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (GEST Service) -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32) -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys ()
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (Aspi32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/sk27211/
IE - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.wetter.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.3.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.20 18:01:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.20 18:01:58 | 000,000,000 | ---D | M]
 
[2010.01.22 23:40:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jerre\AppData\Roaming\mozilla\Extensions
[2011.05.23 21:44:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jerre\AppData\Roaming\mozilla\Firefox\Profiles\i3qt0r1k.default\extensions
[2010.06.24 23:21:45 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jerre\AppData\Roaming\mozilla\Firefox\Profiles\i3qt0r1k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.24 10:53:32 | 000,000,000 | -H-D | M] ("Malware Search") -- C:\Users\Jerre\AppData\Roaming\mozilla\Firefox\Profiles\i3qt0r1k.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2011.05.18 15:36:38 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Jerre\AppData\Roaming\mozilla\Firefox\Profiles\i3qt0r1k.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.17 13:31:53 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Jerre\AppData\Roaming\mozilla\Firefox\Profiles\i3qt0r1k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.17 13:31:49 | 000,000,000 | -H-D | M] (LavaFox V1-Blue) -- C:\Users\Jerre\AppData\Roaming\mozilla\Firefox\Profiles\i3qt0r1k.default\extensions\djziggy@gmail.com
[2010.11.30 01:46:39 | 000,000,000 | -H-D | M] (Search Results Optimizator) -- C:\Users\Jerre\AppData\Roaming\mozilla\Firefox\Profiles\i3qt0r1k.default\extensions\SearchHelper
[2010.11.30 01:48:59 | 000,002,138 | -H-- | M] () -- C:\Users\Jerre\AppData\Roaming\Mozilla\Firefox\Profiles\i3qt0r1k.default\searchplugins\GoogleFeed.xml
[2011.06.12 19:12:39 | 000,001,048 | -H-- | M] () -- C:\Users\Jerre\AppData\Roaming\Mozilla\Firefox\Profiles\i3qt0r1k.default\searchplugins\icqplugin.xml
[2011.05.20 16:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2010.01.29 17:39:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JERRE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I3QT0R1K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.20 18:01:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.05.20 18:01:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.20 18:01:57 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.20 18:01:57 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.20 18:01:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.20 18:01:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.20 18:01:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AutoBAUP_FilesBackup]  File not found
O4 - HKLM..\Run: [AutoBAUP_FilesBackup_2]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000..\Run: [lKMwrmNWsXvp] C:\ProgramData\lKMwrmNWsXvp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jerre\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jerre\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.ZMBV - zmbv.dll ()
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.14 01:21:22 | 000,000,000 | -H-D | C] -- C:\Users\Jerre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011.06.14 01:20:40 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\34922256.exe
[2011.06.14 01:09:41 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lKMwrmNWsXvp.exe
[2011.06.08 23:39:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
[2011.06.08 23:39:07 | 000,000,000 | ---D | C] -- C:\Programme\Free WMA to MP3 Converter
[2011.05.25 21:39:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.17 18:56:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.05.17 18:55:48 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2011.04.19 18:39:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1340.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.14 12:44:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.14 12:42:25 | 000,000,400 | ---- | M] () -- C:\ProgramData\34922256
[2011.06.14 12:39:59 | 000,000,128 | ---- | M] () -- C:\ProgramData\~34922256r
[2011.06.14 12:39:59 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34922256
[2011.06.14 12:39:22 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2011.06.14 12:39:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.14 12:39:08 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 12:39:08 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 12:39:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.14 12:38:59 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.14 12:11:39 | 000,001,441 | -H-- | M] () -- C:\Users\Jerre\Desktop\itunes - Verknüpfung.lnk
[2011.06.14 01:21:23 | 000,000,593 | -H-- | M] () -- C:\Users\Jerre\Desktop\Windows Vista Restore.lnk
[2011.06.14 01:20:41 | 000,388,096 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\34922256.exe
[2011.06.14 01:14:53 | 000,121,856 | -H-- | M] () -- C:\Users\Jerre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 01:09:41 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lKMwrmNWsXvp.exe
[2011.06.13 11:34:46 | 322,988,592 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.06.08 23:40:07 | 002,527,526 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (33).mp3
[2011.06.08 23:39:08 | 000,000,882 | -H-- | M] () -- C:\Users\Jerre\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.06.08 23:29:28 | 000,400,091 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (35).wma
[2011.06.08 23:27:32 | 000,444,991 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (34).wma
[2011.06.08 23:20:41 | 001,922,201 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (33).wma
[2011.06.08 23:17:11 | 000,615,611 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (32).wma
[2011.06.08 23:16:13 | 000,364,171 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (31).wma
[2011.06.08 23:15:40 | 000,328,251 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (30).wma
[2011.06.08 23:10:19 | 000,503,361 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (29).wma
[2011.06.04 00:49:40 | 000,644,616 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.04 00:49:40 | 000,612,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.04 00:49:40 | 000,117,510 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.04 00:49:40 | 000,104,570 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.02 11:52:29 | 000,001,356 | -H-- | M] () -- C:\Users\Jerre\AppData\Local\d3d9caps.dat
[2011.05.17 18:24:28 | 003,246,751 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (28).wma
[2011.05.17 18:17:49 | 001,836,891 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (27).wma
[2011.05.17 18:14:26 | 000,575,201 | -H-- | M] () -- C:\Users\Jerre\Documents\Unbenannt (26).wma
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.14 12:11:37 | 000,001,441 | -H-- | C] () -- C:\Users\Jerre\Desktop\itunes - Verknüpfung.lnk
[2011.06.14 02:33:30 | 000,000,128 | ---- | C] () -- C:\ProgramData\~34922256r
[2011.06.14 02:33:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34922256
[2011.06.14 01:21:23 | 000,000,593 | -H-- | C] () -- C:\Users\Jerre\Desktop\Windows Vista Restore.lnk
[2011.06.14 01:20:47 | 000,000,400 | ---- | C] () -- C:\ProgramData\34922256
[2011.06.08 23:40:02 | 002,527,526 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (33).mp3
[2011.06.08 23:39:08 | 000,000,882 | -H-- | C] () -- C:\Users\Jerre\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.06.08 23:29:27 | 000,400,091 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (35).wma
[2011.06.08 23:27:32 | 000,444,991 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (34).wma
[2011.06.08 23:20:41 | 001,922,201 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (33).wma
[2011.06.08 23:17:11 | 000,615,611 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (32).wma
[2011.06.08 23:16:13 | 000,364,171 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (31).wma
[2011.06.08 23:15:40 | 000,328,251 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (30).wma
[2011.06.08 23:10:19 | 000,503,361 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (29).wma
[2011.05.17 18:24:28 | 003,246,751 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (28).wma
[2011.05.17 18:17:49 | 001,836,891 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (27).wma
[2011.05.17 18:14:26 | 000,575,201 | -H-- | C] () -- C:\Users\Jerre\Documents\Unbenannt (26).wma
[2011.01.27 19:56:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.08 01:27:36 | 000,024,880 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys
[2010.11.30 01:46:42 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.09.13 18:55:13 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2010.08.27 05:03:03 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.04.09 21:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010.02.08 18:45:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.08 18:40:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2010.02.04 00:07:01 | 000,000,330 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.02.02 23:27:57 | 000,121,856 | -H-- | C] () -- C:\Users\Jerre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 17:52:35 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.01.25 17:52:35 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.01.23 00:13:24 | 000,000,552 | -H-- | C] () -- C:\Users\Jerre\AppData\Local\d3d8caps.dat
[2010.01.22 22:46:18 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2010.01.22 22:46:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.22 22:33:55 | 000,001,356 | -H-- | C] () -- C:\Users\Jerre\AppData\Local\d3d9caps.dat
[2009.09.28 10:55:38 | 000,052,656 | ---- | C] () -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys
[2009.09.28 10:55:16 | 000,048,688 | ---- | C] () -- C:\Windows\System32\OXSDICIN_x32.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.03 05:35:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.04.28 23:09:08 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.06 02:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.10.25 18:26:10 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.21 23:51:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2007.08.21 21:36:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2006.11.02 17:48:52 | 000,644,616 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:48:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:48:52 | 000,117,510 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:48:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:46:27 | 000,372,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:34:29 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006.11.02 14:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,612,848 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,570 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
 
========== LOP Check ==========
 
[2010.06.29 18:28:37 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Canneverbe Limited
[2010.08.27 05:01:01 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\DAEMON Tools Lite
[2011.03.04 20:12:17 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\gtk-2.0
[2011.01.28 18:04:26 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\HTC
[2011.01.28 18:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.06.14 12:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\ICQ
[2010.01.25 18:16:20 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\IrfanView
[2011.04.26 11:58:05 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\LolClient
[2010.01.25 17:57:07 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\PC Suite
[2011.03.07 17:05:35 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Samsung
[2010.01.22 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\SharePod
[2011.02.28 19:11:17 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\TeamViewer
[2011.06.14 12:37:55 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.28 17:55:18 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Adobe
[2010.11.10 20:08:38 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Apple Computer
[2010.02.08 18:49:01 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\ATI
[2010.06.29 18:28:37 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Canneverbe Limited
[2010.08.27 05:01:01 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\DAEMON Tools Lite
[2010.11.30 00:24:22 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\DivX
[2011.03.04 20:12:17 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\gtk-2.0
[2011.01.28 18:04:26 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\HTC
[2011.01.28 18:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.06.14 12:40:12 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\ICQ
[2010.01.22 22:33:59 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Identities
[2010.01.22 22:54:41 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\InstallShield
[2010.01.25 18:16:20 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\IrfanView
[2011.04.26 11:58:05 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\LolClient
[2010.01.23 00:39:56 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Macromedia
[2010.12.01 17:15:05 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Malwarebytes
[2006.11.02 14:35:50 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Media Center Programs
[2011.04.28 12:38:40 | 000,000,000 | --SD | M] -- C:\Users\Jerre\AppData\Roaming\Microsoft
[2010.01.22 23:40:22 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Mozilla
[2010.01.25 17:57:07 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\PC Suite
[2011.03.07 17:05:35 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\Samsung
[2010.01.22 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\SharePod
[2011.02.28 19:11:17 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\TeamViewer
[2010.01.23 11:35:45 | 000,000,000 | -H-D | M] -- C:\Users\Jerre\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.28 17:55:14 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\Jerre\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.05.01 23:53:33 | 000,012,862 | RH-- | M] () -- C:\Users\Jerre\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_3DDFBC2CECDECFF328EC5D.exe
[2010.02.08 18:39:45 | 000,010,134 | RH-- | M] () -- C:\Users\Jerre\AppData\Roaming\Microsoft\Installer\{84E116EA-76A3-BC83-5AC5-79307C0A2424}\ARPPRODUCTICON.exe
[2010.02.08 18:41:53 | 000,009,158 | RH-- | M] () -- C:\Users\Jerre\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2010.08.26 02:46:56 | 000,010,134 | RH-- | M] () -- C:\Users\Jerre\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.01.24 11:17:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2010.01.24 11:17:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.01.24 11:17:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.01.24 11:17:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.01.24 11:16:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2010.01.24 11:16:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.01.24 11:16:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.01.24 11:16:34 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.01.24 11:51:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010.01.24 11:51:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2010.01.24 11:16:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.01.24 10:00:53 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2010.01.24 10:00:53 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2010.01.24 10:00:53 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.27 01:10:30 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.03.09 18:49:34 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2010.03.09 18:49:34 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.03.04 21:24:26 | 000,434,176 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll

< End of report >
         
--- --- ---


Then the Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 14.06.2011 13:09:17 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = c:\Users\Jerre\Downloads
Windows Vista Ultimate Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,88% Memory free
6,67 Gb Paging File | 5,39 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 670,98 Gb Free Space | 72,03% Space Free | Partition Type: NTFS
 
Computer Name: JERRE-PC | User Name: Jerre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3130919968-1706999109-4108593173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03484EA4-DEAB-4EE7-A169-BFACD3BB1209}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher | 
"{05EA6D69-E74B-4D21-AE27-0BD1EF102BB4}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{071DD84C-C87A-4AA1-AF96-6C6288B92633}" = lport=57693 | protocol=17 | dir=in | name=pando media booster | 
"{0F9670E7-5871-4D9D-8385-2F53BD336513}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher | 
"{108E5D7C-A07B-4682-B32E-5328B85C1AB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{128111A7-8FEE-42BE-B31F-CCAA4D1BA940}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{12A7205B-DFB0-4FC1-A239-E19D5D3BCA0B}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{132EE32E-B213-4AFB-8ECC-2FC12C7A1408}" = lport=57693 | protocol=6 | dir=in | name=pando media booster | 
"{27BF1972-93E9-426A-B356-84BA612B27D5}" = lport=57693 | protocol=17 | dir=in | name=pando media booster | 
"{2AE48FB4-3A25-4759-ABFA-2F476524666F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{395B435A-DDFB-4C2B-8444-D24F5E2C494F}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{43E3C370-45B0-4E7E-BBAE-A3C5518CC954}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher | 
"{454268DC-CFBC-42E1-B5EF-B22BF926B681}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | 
"{4864F776-5D63-42D4-9AAC-1D07CF5642B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4DD8D218-A64E-4597-955C-BF46D41011A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{54EFE344-6513-4B7A-8163-ACE93D8CF096}" = rport=445 | protocol=6 | dir=out | app=system | 
"{58E14A3C-0DE4-43EB-8246-9BB9FFBEA63A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5EC9D794-EFCC-4CD4-9CF1-DDEDB8917F3F}" = lport=6980 | protocol=6 | dir=in | name=league of legends launcher | 
"{6653C8F0-4FCB-416D-A45D-5DE0A82E79BC}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | 
"{705D3464-07A7-44E3-A470-91E9647CCD52}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{711D6128-3B13-4A2C-A0E5-8FBBCB6660E3}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{72C80666-E37E-4F4E-8609-5D9170F519BE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{77426029-629D-4735-98D9-53511C899C7C}" = lport=6980 | protocol=17 | dir=in | name=league of legends launcher | 
"{7CCBE25A-B2C6-49D4-8AE2-40D91F04D33C}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{8A771B0B-5C70-4DB8-AEDF-2664501BE9BB}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher | 
"{8E3DB2AC-250E-43A5-8135-2D67F7D3803E}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | 
"{8F7E5053-5D0F-47E9-A550-3DBB90206614}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{920F44D5-11F1-45BE-A8FC-0B948D344FB3}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{96660B78-5D70-49B1-A4FD-28490BE1ADE3}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{A0AF2627-5B45-4FF8-9340-F156BFF799C2}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | 
"{AEDBFC17-830A-46CC-BC0E-C6A68BCA03E6}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{B687765F-6A6B-4B97-8393-29381550881A}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher | 
"{C549F79B-6C65-495B-B6D7-AAA5F98C7690}" = lport=6883 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFCA0EB3-B749-43B0-999E-6067FD8D7767}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E038D282-6ABA-4258-A617-1AEAF1073FD7}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{E328D840-B6F3-4F9E-8309-5F94553DD0B6}" = lport=57693 | protocol=6 | dir=in | name=pando media booster | 
"{ECA11E13-9BC6-4CAB-8F5D-D3DAF673A128}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EF1C18F5-CC93-494F-91A8-74240F2D8F16}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher | 
"{EF466EBA-0A57-453C-994F-82E48A25F471}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{EFD3C9EA-164C-4599-A20E-E079CBFAFA95}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F007D5A1-7837-48E1-B28F-D08F9D0E4A38}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{F4B2B6DD-BEA7-4C62-94EE-FB1AF94AD682}" = lport=6883 | protocol=6 | dir=in | name=league of legends launcher | 
"{F8EE2ECE-7D67-4CD2-B9AF-D2EDB652EE7A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040A0993-0F5A-47B4-ACE6-6507243B1A73}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\counterstrike source beta\hl2.exe | 
"{0BBD4AAD-965E-4CB2-B217-F9B24A41DC16}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0ED938AB-8378-4175-A27D-BB9B483F142B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{0F7A6335-C799-4F4F-9E52-B5A1BFE150CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0FDA8172-3268-4C31-B903-328593746347}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1C4F4757-64BB-4138-9E07-1D4AA5CB7ECD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{234A6DB2-2196-426E-AA07-4B20AEAE17A7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2C9F8C65-85D1-445E-B609-563222126C57}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2DEC1DD7-40E9-4C87-8B49-883F8101CD43}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3558FE43-F9A6-4FB9-B32F-AD4C610CF3C1}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{3575F006-6720-4338-AF9A-C7781AA6854A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{37932C6E-69F0-47B5-AFD2-7F031A60B8BA}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{4348E593-4FD0-45C4-9E00-E18D484BCC89}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{44BF8207-1991-4C3F-BE23-80365ABE02C7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\counter-strike source\hl2.exe | 
"{4B43CA0E-0081-49C1-A8EF-7540C2A5989A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{4C6A9EB7-5D95-4A49-BA37-BFBDEDE996C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\counter-strike source\hl2.exe | 
"{4CEF5D37-2C59-46E4-A6B2-AA700FAFD8AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5C5F97A3-C2E0-41E9-BB11-6E1FA15C039E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5DA494A4-73A6-40BA-A62D-C66AA3F7704F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{620EA3EB-8FA7-47ED-90E7-7FCA61ECF747}" = protocol=6 | dir=in | app=c:\program files\savetubevideo.com\savetubevideo\downloader.exe | 
"{6447840E-65B3-4B31-8BFD-FBCACAB5E128}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{65B3792E-F9E9-4A89-A69B-01A584396A38}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6A40D145-B9BC-4757-9C49-742B137B55E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7527B750-6D3E-40AA-9111-1162CB30EEDB}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{773362E9-9D6D-41D4-8830-64A8AD6468AD}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{7D4CF6AC-B936-46D8-AEA9-36A04D9F639B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8A31E48C-AEEA-48EB-ADAB-0EA64BA3F334}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{8AD45371-D267-470F-B626-372CAC017253}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8FE58DA1-8543-4707-BA1A-BB258EB97856}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{98A3B190-A36C-408F-AAC3-61912E2DC010}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\counter-strike source\hl2.exe | 
"{A54DB55C-A3E6-41B3-B6A2-FD99E4D8C353}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B1EB5FC7-F0F9-4503-9D6F-6E93A685304F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{B27F0536-F717-4BB3-AEFA-4D1820F82E58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B2CFFA16-9CF9-42C2-A7EB-0D5BB778AC17}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B5FEA9FE-3876-4778-B240-C54B951E7F23}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\counter-strike source\hl2.exe | 
"{B81BD101-4550-4F1F-B9D9-FCB88712DA7C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{BED2E6CA-8C41-4914-8769-611A94940341}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{BF4D0781-0076-4A43-8FEA-C4E2F7CF2E46}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{C1004A27-EBDB-48A1-BB7F-9D7BEEA5FB02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C8AD31EE-8F27-43A6-A231-0E8E88FC7654}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D1EE2705-2793-424C-944C-8BC56F964FA3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{D34D9F25-4F2B-4A61-AD65-8D0A5D8BF30A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D7FC0348-B952-4C6F-95D9-D1CB1F5DF66F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DB0EC858-E884-4777-A854-B708DAA64C81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DFE4DA86-B7DE-4DA0-84CA-2BFF5482D84A}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{E5458E59-DB66-45D6-9CC3-BC8D20D72DD7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{EA22DEF1-A863-4799-A8A6-A2926AF9EA31}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\counterstrike source beta\hl2.exe | 
"{EE958AAC-DA39-4D01-BF7B-F612CC2B5B5E}" = protocol=17 | dir=in | app=c:\program files\savetubevideo.com\savetubevideo\downloader.exe | 
"{F52AF6ED-993B-470B-87CA-94F7A775D95A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{F8D15B5C-430F-406C-B565-81CB70169531}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{FC21462F-D7BD-45B2-8C5B-F600D17F0D6B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{37C6CA8F-C384-4B31-BF07-0FD86C003D77}C:\users\jerre\desktop\miranda\miranda32.exe" = protocol=6 | dir=in | app=c:\users\jerre\desktop\miranda\miranda32.exe | 
"TCP Query User{4588528E-23CE-4511-B4DC-E812427BE207}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{562564D5-3980-4CF4-AA6E-6D070C4B9839}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{6F1EFB04-43B2-44B6-86D6-7DD48E20EED9}C:\program files\steam\steamapps\taxipfahrer\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\team fortress 2\hl2.exe | 
"TCP Query User{B7F19BD8-C597-419B-850C-5EF428FAF669}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{90F0B7D4-6B22-45B4-84A2-AAC9D5013428}C:\program files\steam\steamapps\taxipfahrer\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\taxipfahrer\team fortress 2\hl2.exe | 
"UDP Query User{93F7282C-0994-4AE3-879F-4E8789C9409E}C:\users\jerre\desktop\miranda\miranda32.exe" = protocol=17 | dir=in | app=c:\users\jerre\desktop\miranda\miranda32.exe | 
"UDP Query User{B3ADC59D-9013-49F6-A389-3644A8E37C16}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C3CB5CF6-DF1E-4EE2-810C-6D374C13E0FF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{D23BBA9B-725D-406D-BB33-DAF350075C47}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{050BE9FB-181F-EC92-1B73-FD0A06540980}" = ccc-core-static
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{18C82AA2-C027-CE2B-650D-0CE9385A9B15}" = ATI Catalyst Install Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D128F6F-4E2D-DD5D-2A01-D6C7FACE9EE2}" = Catalyst Control Center Graphics Full New
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{289F35C8-1C46-DBDB-159C-EAD90767C9A6}" = Skins
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{567B16C3-422B-8B38-570A-5B7EB186E7ED}" = Catalyst Control Center Localization German
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0520.1
"{7EE15962-8054-1E27-40F4-28B75F06C544}" = Catalyst Control Center Graphics Full Existing
"{80EBF9FB-92CE-75E9-B6A7-A3DC5B42214A}" = CCC Help German
"{84E116EA-76A3-BC83-5AC5-79307C0A2424}" = Catalyst Control Center InstallProxy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A3B9C93-EA80-757B-02B5-F72C4094274D}" = Catalyst Control Center Core Implementation
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{934EA925-D447-AC0B-0671-31B561337FFB}" = ccc-utility
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2D646B2-F2C4-BB8C-6EF7-B49205217F9E}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{BE3F26EE-F81B-4A50-8376-271F5CA84C5B}" = Catalyst Control Center - Branding
"{C19D7951-4884-CB9C-15E1-64CE7023449D}" = Catalyst Control Center HydraVision Full
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D9426B28-5B43-B9BB-A5B3-A67241E32F2F}" = CCC Help English
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED8A1712-42CC-664A-8E5C-A90702470858}" = Catalyst Control Center Graphics Previews Vista
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F803D042-5A46-42E8-86CA-C8A0A5C63518}" = Iomega Encryption
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ares Tube_is1" = Ares Tube 3.0
"Auto_Files_Backup_System_2006.8" = Auto Backup Pro 2007.2.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CD MP3 Burner_is1" = CD MP3 Burner 3.00
"CloneDVD2" = CloneDVD2
"D-Fend Reloaded" = D-Fend Reloaded 1.0.0 (deinstallieren)
"DivX Setup.divx.com" = DivX-Setup
"FLV Player" = FLV Player 2.0 (build 25)
"Free Burn MP3-CD_is1" = Free Burn MP3-CD v1.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GoldWave v5.56" = GoldWave v5.56
"Google Chrome" = Google Chrome
"Hype - The Time Quest" = Hype - The Time Quest
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NASCAR 2000 Demo" = NASCAR 2000 Demo
"Office14.SingleImage" = Microsoft Office Professional 2010
"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator
"rayman2" = rayman2
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 39000" = Moonbase Alpha
"Steam App 440" = Team Fortress 2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.03.2011 11:23:35 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 23.03.2011 11:28:26 | Computer Name = Jerre-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.03.2011 17:46:17 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = 372: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 23.03.2011 17:46:17 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = 380: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 23.03.2011 17:46:17 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 23.03.2011 17:46:17 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 23.03.2011 18:16:56 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.03.2011 18:16:56 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585
 
Error - 23.03.2011 18:16:56 | Computer Name = Jerre-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585
 
Error - 25.03.2011 03:25:35 | Computer Name = Jerre-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0xc10, 
Anwendungsstartzeit 01cbeab99416ac24.
 
[ System Events ]
Error - 07.06.2011 07:15:32 | Computer Name = Jerre-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.06.2011 um 13:13:32 unerwartet heruntergefahren.
 
Error - 07.06.2011 07:18:13 | Computer Name = Jerre-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.06.2011 07:18:13 | Computer Name = Jerre-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.06.2011 07:31:04 | Computer Name = Jerre-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.06.2011 um 13:29:19 unerwartet heruntergefahren.
 
Error - 11.06.2011 07:24:05 | Computer Name = Jerre-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.06.2011 um 13:21:31 unerwartet heruntergefahren.
 
Error - 13.06.2011 05:34:54 | Computer Name = Jerre-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2011 um 11:32:40 unerwartet heruntergefahren.
 
Error - 13.06.2011 09:01:25 | Computer Name = Jerre-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2011 um 11:42:46 unerwartet heruntergefahren.
 
Error - 13.06.2011 09:45:35 | Computer Name = Jerre-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2011 um 15:43:44 unerwartet heruntergefahren.
 
Error - 13.06.2011 19:19:46 | Computer Name = Jerre-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.06.2011 um 01:17:39 unerwartet heruntergefahren.
 
Error - 13.06.2011 19:24:55 | Computer Name = Jerre-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---


14.06.2011, 12:39   #6
markusg
/// Malware-holic

Why on earth has your Vista never seen a single update?
SP2 is current, and you don't even have SP1!
We'll get to that later.

Attention!
This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
PRC - C:\ProgramData\34922256.exe (Microsoft Corporation)
PRC - C:\ProgramData\lKMwrmNWsXvp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3130919968-1706999109-4108593173-1000..\Run: [lKMwrmNWsXvp] C:\ProgramData\lKMwrmNWsXvp.exe (Microsoft Corporation)
[2011.06.14 01:21:22 | 000,000,000 | -H-D | C] -- C:\Users\Jerre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011.06.14 01:20:40 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\34922256.exe
[2011.06.14 12:42:25 | 000,000,400 | ---- | M] () -- C:\ProgramData\34922256
[2011.06.14 12:39:59 | 000,000,128 | ---- | M] () -- C:\ProgramData\~34922256r
[2011.06.14 12:39:59 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34922256
[2011.06.14 01:21:23 | 000,000,593 | -H-- | M] () -- C:\Users\Jerre\Desktop\Windows Vista Restore.lnk
:Files
C:\ProgramData\34922256.exe
C:\ProgramData\lKMwrmNWsXvp.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Now please close all programs.
• Now click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.


Download unhide:
http://www.trojaner-board.de/54791-a...ner-board.html

14.06.2011, 13:18   #7
Taifahrer

OTL always crashes at that point; the screen goes completely black, and all that is left in the OTL text field is reboot and emptytemp.

14.06.2011, 13:20   #8
markusg
/// Malware-holic

Boot into safe mode without networking. Before that you need to save the OTL script; then run OTL again. The PC will then restart into normal mode.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

14.06.2011, 13:22   #9
Taifahrer

Can we somehow do this via TeamViewer? I downloaded unhide, nothing is displayed there, and I can't find moved files under C:/ either.

14.06.2011, 13:25   #10
markusg
/// Malware-holic

No.
Did you run the OTL script or not? Did the machine reboot?

14.06.2011, 13:28   #11
Taifahrer

Run in what sense? And what rebooted? OTL? How am I supposed to restart that?

14.06.2011, 13:31   #12
markusg
/// Malware-holic

You are supposed to do what I wrote, that is, first run the OTL script. If you had read the whole text, you would have seen that OTL normally reboots the PC.
If OTL doesn't work in normal mode, start it in safe mode; I have already written how to do that.

14.06.2011, 14:13   #13
Taifahrer

Safe mode didn't work; the internet was suddenly gone somehow, and then it worked after all. Anyway, here is the document:
All processes killed
========== OTL ==========
No active process named 34922256.exe was found!
No active process named lKMwrmNWsXvp.exe was found!
Registry value HKEY_USERS\S-1-5-21-3130919968-1706999109-4108593173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\lKMwrmNWsXvp not found.
File C:\ProgramData\lKMwrmNWsXvp.exe not found.
Folder C:\Users\Jerre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore\ not found.
File C:\ProgramData\34922256.exe not found.
File C:\ProgramData\34922256 not found.
File C:\ProgramData\~34922256r not found.
File C:\ProgramData\~34922256 not found.
File C:\Users\Jerre\Desktop\Windows Vista Restore.lnk not found.
========== FILES ==========
File\Folder C:\ProgramData\34922256.exe not found.
File\Folder C:\ProgramData\lKMwrmNWsXvp.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jerre
->Flash cache emptied: 456 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jerre
->Temp folder emptied: 2509227952 bytes
->Temporary Internet Files folder emptied: 548216299 bytes
->Java cache emptied: 7821309 bytes
->FireFox cache emptied: 54029473 bytes
->Google Chrome cache emptied: 12970536 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 173138795 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56461954 bytes
RecycleBin emptied: 1934 bytes

Total Files Cleaned = 3.206,00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06142011_144649

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

14.06.2011, 14:20   #14
markusg
/// Malware-holic

OK.

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

14.06.2011, 15:30   #15
Taifahrer

I've got the ComboFix log, but the internet isn't working at the moment. It usually acts up on that PC and takes a while until it works again; that's not a serious problem. I'm sitting at my dad's laptop and the log is saved on my own computer. I just have to wait until the internet works so that I can post it!
