| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: wider mal der 50 Euro virusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.01.2012, 16:07
| #1 |
 |  wider mal der 50 Euro virus Hallo, habe mir oben genannten virus/ trojaner eingefangen. Bitte um eure Hilfe. Ich lasse OTL gerade scannen und werde gleich die logs posten. mfg |
|
18.01.2012, 16:09
| #2 |
| /// Malware-holic   | wider mal der 50 Euro virus hi,
__________________pc neustarten, f8 drücken abgesicherter modus mit netzwerk wählen. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
18.01.2012, 16:37
| #3 |
| | wider mal der 50 Euro virus OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 1/18/2012 4:16:26 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Snapshot\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 68.17% Memory free 7.95 Gb Paging File | 6.72 Gb Available in Paging File | 84.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 350.55 Gb Total Space | 227.62 Gb Free Space | 64.93% Space Free | Partition Type: NTFS Drive D: | 233.70 Gb Total Space | 76.34 Gb Free Space | 32.67% Space Free | Partition Type: NTFS Drive E: | 130.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: SNAPSHOT-MSI | User Name: Snapshot | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Snapshot\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.) SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.) SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MSI Foundation Service) -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe (MSI) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.) DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (fspad_xp64) -- C:\Windows\SysNative\drivers\fspad_xp64.sys (Sentelic Corporation) DRV:64bit: - (fspad_wlh64) -- C:\Windows\SysNative\drivers\fspad_wlh64.sys (Sentelic Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=523d542f0000000000008ca98241d4d3 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=523d542f0000000000008ca98241d4d3&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 01:43:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/21 21:29:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Snapshot\AppData\Roaming\5053 [2011/12/12 09:47:18 | 000,000,000 | ---D | M] [2011/06/18 14:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Extensions [2012/01/16 02:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\n1sg5p09.default\extensions [2012/01/12 14:11:00 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-1.xml [2011/11/08 01:17:07 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-10.xml [2011/06/30 15:08:57 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-2.xml [2011/08/17 19:31:52 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-3.xml [2011/08/19 11:54:44 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-4.xml [2011/08/19 12:14:29 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-5.xml [2011/09/03 16:28:51 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-6.xml [2011/09/11 13:11:05 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-7.xml [2011/10/02 18:47:45 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-8.xml [2011/10/09 22:57:06 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin-9.xml [2011/03/30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\searchplugins\icqplugin.xml [2011/11/09 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/12/12 09:47:18 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\SNAPSHOT\APPDATA\ROAMING\5053 () (No name found) -- C:\USERS\SNAPSHOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1SG5P09.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012/01/10 01:43:30 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/03/22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011/10/03 20:37:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/01/07 16:54:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011/10/03 20:37:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/03 20:37:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/06/19 13:30:03 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2011/10/03 20:37:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/03 20:37:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/03 20:37:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe (Micro-Star Int'l Co., Ltd.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [msi LED Manager] C:\Program Files (x86)\msi\msi LED Manager\SLM.exe (msi) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe (MSI) O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [TiltBreaker] C:\Program Files (x86)\Tilt Breaker\rundll32.exe File not found O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com) O4 - HKCU..\Run: [Firefox helper] C:\Users\Snapshot\AppData\Roaming\Mozilla\Firefox\firefox.exe () O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [TiltBreaker] C:\Program Files (x86)\Tilt Breaker\rundll32.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A606FDE-BCF7-46CA-A072-EC3F518D56B9}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACB11BFB-515C-4A82-B3E4-4F90D1DF876F}: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BD2981-1170-4796-87D2-0A2A6457E1DD}: DhcpNameServer = 10.101.0.3 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (C:\Users\Snapshot\AppData\Local\a2f760a4\X) -C:\Users\Snapshot\AppData\Local\a2f760a4\X () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/12/28 15:50:44 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{76137573-6e84-11e0-8bc3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{76137573-6e84-11e0-8bc3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\WSETUP\Setup.exe -- [2004/01/12 04:42:28 | 001,708,032 | R--- | M] (STD) O33 - MountPoints2\{d4902c35-9a5c-11e0-8e7a-6c626d319b6b}\Shell - "" = AutoRun O33 - MountPoints2\{d4902c35-9a5c-11e0-8e7a-6c626d319b6b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{f71b6c13-24dc-11e1-892c-6c626d319b6b}\Shell - "" = AutoRun O33 - MountPoints2\{f71b6c13-24dc-11e1-892c-6c626d319b6b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {AB17A4FD-4B4C-110C-5C73-6150A0A73E88} - Offline Browsing Pack ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1DAD810F-4503-F76A-3E0C-7A07FCBFF8D2} - Microsoft Windows Media Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {297C4B13-E45A-6A85-D369-E70DC2F15E93} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {86E7825F-AE67-FB88-625F-A0BEA7FE96F1} - Java (Sun) ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9718B193-CCC0-7F98-4D85-9E136B96FF4D} - Offline Browsing Pack ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012/01/18 16:23:34 | 000,000,000 | ---D | C] -- C:\windows\Sun [2012/01/18 16:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betsson Poker [2012/01/18 16:10:16 | 000,000,000 | ---D | C] -- C:\Betsson [2012/01/16 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\TeamViewer [2012/01/13 20:40:27 | 000,000,000 | ---D | C] -- C:\AVZ [2012/01/13 20:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/01/13 20:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/01/13 20:18:38 | 000,000,000 | -HSD | C] -- C:\Users\Snapshot\AppData\Local\a2f760a4 [2012/01/11 01:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpadeIt [2012/01/07 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\Babylon [2012/01/07 16:54:03 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Babylon [2012/01/07 16:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/01/07 16:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft [2012/01/05 01:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TableNinja [2012/01/05 01:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Spy Plus [2012/01/03 16:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2012/01/03 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Desktop\LongHUD [2012/01/03 01:37:16 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Mozilla-Cache [2012/01/03 01:36:24 | 000,000,000 | ---D | C] -- C:\Programs [2012/01/02 23:53:10 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Microgaming [2012/01/02 23:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS [2011/12/28 23:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UVSPoker [2011/12/27 22:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 2.7 (32-bit) [2011/12/27 22:59:12 | 000,000,000 | ---D | C] -- C:\Python27 [2011/12/27 22:36:50 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\.idlerc [2011/12/27 14:41:29 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Documents\My Kindle Content [2011/12/27 14:41:22 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2011/12/27 14:41:17 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\Amazon [2011/12/26 22:54:14 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\temp [2011/12/26 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0 [2011/12/26 19:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cake Poker 2.0 [2011/12/25 23:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011/12/25 19:18:27 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\.swt [2011/12/19 20:54:08 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\Hold'em_Manager [2011/12/19 20:53:45 | 000,000,000 | ---D | C] -- C:\HM2Archive [2011/12/19 20:51:29 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\HoldemManager [2011/12/19 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2 [2011/12/19 20:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Holdem Manager 2 [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Snapshot\AppData\Roaming\*.tmp files -> C:\Users\Snapshot\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/18 16:21:14 | 001,621,524 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/01/18 16:21:14 | 000,700,244 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/01/18 16:21:14 | 000,654,956 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/01/18 16:21:14 | 000,149,040 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/01/18 16:21:14 | 000,121,828 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/01/18 16:14:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/01/18 16:14:03 | 3203,469,312 | -HS- | M] () -- C:\hiberfil.sys [2012/01/18 16:10:17 | 000,001,476 | ---- | M] () -- C:\Users\Public\Desktop\Betsson Poker.lnk [2012/01/18 15:52:15 | 000,024,432 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/18 15:52:15 | 000,024,432 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/17 01:18:15 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk [2012/01/11 01:14:24 | 000,000,046 | ---- | M] () -- C:\windows\Telescope.ini [2012/01/11 01:05:47 | 000,001,462 | ---- | M] () -- C:\Users\Snapshot\Documents\AutoHotkey.ahk [2012/01/07 16:54:10 | 000,000,237 | ---- | M] () -- C:\user.js [2012/01/05 01:59:07 | 000,000,045 | ---- | M] () -- C:\Users\Snapshot\AppData\Local\machpro.dat [2012/01/04 02:15:47 | 000,000,973 | ---- | M] () -- C:\Users\Snapshot\Desktop\PokerStove.lnk [2012/01/03 21:13:07 | 000,298,360 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/01/03 15:46:54 | 000,483,648 | ---- | M] () -- C:\Users\Snapshot\Desktop\alanparkercosmicocean.mp3 [2012/01/01 19:49:27 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars (No Update).lnk [2011/12/27 14:41:23 | 000,002,214 | ---- | M] () -- C:\Users\Snapshot\Desktop\Kindle.lnk [2011/12/26 19:22:12 | 000,001,066 | ---- | M] () -- C:\Users\Snapshot\Desktop\Cake Poker 2.0.lnk [2011/12/19 20:51:18 | 001,598,690 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Snapshot\AppData\Roaming\*.tmp files -> C:\Users\Snapshot\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/18 16:10:17 | 000,001,476 | ---- | C] () -- C:\Users\Public\Desktop\Betsson Poker.lnk [2012/01/11 01:09:08 | 000,000,046 | ---- | C] () -- C:\windows\Telescope.ini [2012/01/07 16:54:09 | 000,000,237 | ---- | C] () -- C:\user.js [2012/01/05 02:11:14 | 000,001,462 | ---- | C] () -- C:\Users\Snapshot\Documents\AutoHotkey.ahk [2012/01/05 01:59:07 | 000,000,045 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\machpro.dat [2012/01/03 16:02:06 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk [2012/01/03 15:46:54 | 000,483,648 | ---- | C] () -- C:\Users\Snapshot\Desktop\alanparkercosmicocean.mp3 [2012/01/01 19:49:27 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars (No Update).lnk [2011/12/27 14:41:23 | 000,002,214 | ---- | C] () -- C:\Users\Snapshot\Desktop\Kindle.lnk [2011/12/26 22:54:18 | 000,001,064 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2011/12/26 19:22:12 | 000,001,066 | ---- | C] () -- C:\Users\Snapshot\Desktop\Cake Poker 2.0.lnk [2011/12/19 20:48:51 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\HoldemManager2.lnk [2011/12/02 17:46:24 | 001,313,744 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\AcroFF052.dll [2011/11/22 00:28:48 | 000,000,054 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\blckdom.res [2011/07/24 00:19:53 | 000,005,013 | ---- | C] () -- C:\ProgramData\kmytnfun.aqy [2011/07/18 00:01:37 | 000,033,792 | ---- | C] () -- C:\windows\SysWow64\drivers\libusb0.sys [2011/07/11 18:37:32 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2011/07/03 11:58:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\ojea.aj [2011/06/24 12:38:34 | 000,353,280 | ---- | C] () -- C:\windows\SysWow64\pythoncom27.dll [2011/06/24 12:38:34 | 000,109,568 | ---- | C] () -- C:\windows\SysWow64\pywintypes27.dll [2011/06/23 18:55:26 | 001,598,690 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/06/21 13:55:04 | 000,000,016 | ---- | C] () -- C:\windows\SysWow64\msvcsv60.dll [2011/06/21 13:55:04 | 000,000,016 | ---- | C] () -- C:\windows\msocreg32.dat [2011/06/19 13:15:56 | 000,270,848 | ---- | C] () -- C:\windows\Uzerox_bs.exe [2011/06/18 21:53:36 | 000,000,000 | ---- | C] () -- C:\windows\HMHud.INI [2011/04/27 13:19:30 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011/04/27 13:19:30 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011/04/27 13:19:30 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011/04/27 13:19:30 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2011/04/16 08:28:56 | 000,001,200 | ---- | C] () -- C:\windows\THXCfg_SP_APOIM.ini [2011/04/16 08:28:56 | 000,001,099 | ---- | C] () -- C:\windows\THXCfg_HP_APOIM.ini [2011/04/16 08:28:56 | 000,001,099 | ---- | C] () -- C:\windows\THXCfg_APOIM.ini [2011/04/16 08:28:55 | 000,182,272 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL [2011/04/16 08:28:55 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys [1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\vidx16.dll ========== LOP Check ========== [2011/11/22 00:28:54 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5045 [2011/11/22 16:04:26 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5047 [2011/11/23 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5048 [2011/11/24 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5049 [2011/11/25 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5050 [2011/11/28 17:52:10 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5051 [2011/12/01 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5052 [2011/12/12 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5053 [2011/12/12 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5054 [2011/12/12 09:47:13 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5055 [2011/09/29 18:07:01 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Amazon [2012/01/07 16:54:03 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Babylon [2011/12/27 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\calibre [2012/01/13 20:44:15 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\DAEMON Tools Lite [2011/11/07 19:06:32 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\DVDVideoSoft [2011/11/07 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\DVDVideoSoftIEHelpers [2011/06/28 14:45:10 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\HEM Data [2012/01/18 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\HoldemManager [2012/01/18 16:12:37 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\ICQ [2011/11/22 00:28:40 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\kock [2011/07/05 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Lionhead Studios [2012/01/03 00:31:14 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Microgaming [2011/07/18 00:09:53 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\MotioninJoy [2011/06/18 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Nuance [2011/11/07 20:54:31 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Opera [2011/07/24 00:15:22 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Pokerazor [2011/12/01 21:42:07 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\postgresql [2011/06/18 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Roaming [2011/07/02 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Samsung [2012/01/16 16:22:09 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\TeamViewer [2011/06/28 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\TuneUp Software [2011/12/07 14:33:08 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\UAs [2012/01/13 20:44:15 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\uTorrent [2011/06/19 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Waves Audio [2011/12/07 14:33:12 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\xmldm [2011/06/18 14:10:41 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Zeon [2011/11/10 18:16:57 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/06/18 14:12:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012/01/13 20:41:00 | 000,000,000 | ---D | M] -- C:\AVZ [2012/01/18 16:12:34 | 000,000,000 | ---D | M] -- C:\Betsson [2011/02/14 22:42:54 | 000,000,000 | -HSD | M] -- C:\Boot [2011/04/16 09:01:26 | 000,000,000 | ---D | M] -- C:\CabLogs [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012/01/04 19:02:11 | 000,000,000 | ---D | M] -- C:\HM2Archive [2011/06/18 18:50:53 | 000,000,000 | ---D | M] -- C:\HMArchive [2011/04/16 08:17:26 | 000,000,000 | ---D | M] -- C:\Intel [2011/06/19 14:28:49 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/01/11 19:04:54 | 000,000,000 | ---D | M] -- C:\Poker [2011/07/24 00:35:38 | 000,000,000 | ---D | M] -- C:\Pokerazor [2012/01/13 20:38:58 | 000,000,000 | R--D | M] -- C:\Program Files [2012/01/18 00:59:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/01/11 01:13:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012/01/03 01:36:24 | 000,000,000 | ---D | M] -- C:\Programs [2011/12/27 22:59:43 | 000,000,000 | ---D | M] -- C:\Python27 [2011/06/18 14:05:34 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/01/18 16:09:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/06/18 14:50:34 | 000,000,000 | R--D | M] -- C:\Users [2011/06/18 14:09:45 | 000,000,000 | ---D | M] -- C:\Utility [2012/01/18 16:23:34 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2011/11/08 21:40:04 | 009,704,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll [5 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011/11/07 23:08:20 | 000,001,081 | ---- | M] () -- C:\Users\Snapshot\cinema.txt [2011/07/28 15:50:56 | 000,000,177 | ---- | M] () -- C:\Users\Snapshot\monatliche Überweisungen.txt [2012/01/18 16:35:35 | 002,621,440 | -HS- | M] () -- C:\Users\Snapshot\ntuser.dat [2012/01/18 16:35:35 | 000,262,144 | -HS- | M] () -- C:\Users\Snapshot\ntuser.dat.LOG1 [2011/06/18 14:07:18 | 000,000,000 | -HS- | M] () -- C:\Users\Snapshot\ntuser.dat.LOG2 [2011/06/18 15:19:06 | 000,065,536 | -HS- | M] () -- C:\Users\Snapshot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011/06/18 15:19:06 | 000,524,288 | -HS- | M] () -- C:\Users\Snapshot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011/06/18 15:19:06 | 000,524,288 | -HS- | M] () -- C:\Users\Snapshot\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011/12/12 00:54:46 | 000,065,536 | -HS- | M] () -- C:\Users\Snapshot\ntuser.dat{8a5b8f61-2452-11e1-ae20-6c626d319b6b}.TM.blf [2011/12/12 00:54:46 | 000,524,288 | -HS- | M] () -- C:\Users\Snapshot\ntuser.dat{8a5b8f61-2452-11e1-ae20-6c626d319b6b}.TMContainer00000000000000000001.regtrans-ms [2011/12/12 00:54:46 | 000,524,288 | -HS- | M] () -- C:\Users\Snapshot\ntuser.dat{8a5b8f61-2452-11e1-ae20-6c626d319b6b}.TMContainer00000000000000000002.regtrans-ms [2011/06/18 14:07:18 | 000,000,020 | -HS- | M] () -- C:\Users\Snapshot\ntuser.ini [2011/12/29 00:20:08 | 000,076,055 | ---- | M] () -- C:\Users\Snapshot\pokerclient.log [2011/07/16 23:08:59 | 000,001,331 | ---- | M] () -- C:\Users\Snapshot\vault.txt < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID < End of report > |
|
18.01.2012, 16:38
| #4 |
| | wider mal der 50 Euro virus OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 1/18/2012 4:16:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Snapshot\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.98 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 68.17% Memory free
7.95 Gb Paging File | 6.72 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350.55 Gb Total Space | 227.62 Gb Free Space | 64.93% Space Free | Partition Type: NTFS
Drive D: | 233.70 Gb Total Space | 76.34 Gb Free Space | 32.67% Space Free | Partition Type: NTFS
Drive E: | 130.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: SNAPSHOT-MSI | User Name: Snapshot | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.39
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FF7Music" = FF7Music
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Motorola Bluetooth_is1" = Motorola Bluetooth
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC4 build 8
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{311EEFFE-8354-42D8-B2A0-A0666689F69F}" = Alesis io|2 ASIO Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34B61214-F4D3-4449-A918-F52A36FB2F71}" = msi LED Manager
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}" = ActiveState ActivePython 2.7.2.5 (32-bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84249940-76C0-4BFB-BE02-161EEF0286A0}" = NVIDIA Overclock Tool
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}" = Miroslav Philharmonik Instruments
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}" = msi Software Install
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B23EE947-7159-4625-960C-299F27F0D3BD}_is1" = 2.0
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
"{C13926BE-159B-4494-BEEC-AB6E207F70AD}" = Cinema ProII Setup
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Betsson Poker_is1" = Betsson Poker 1.0.0
"Cake Poker 2.0" = Cake Poker 2.0
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"Final Fantasy VII" = Final Fantasy VII
"FL Studio 10" = FL Studio 10
"HoldemManager2" = Holdem Manager 2
"i-Charger_is1" = i-Charger
"IL Download Manager" = IL Download Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Minimonsta" = GForce - Minimonsta
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments FM8" = Native Instruments FM8
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pianoteq23" = Pianoteq v2.3.0
"PokerStars" = PokerStars
"PokerStars Shortcut1.0" = PokerStars Shortcut
"PostgreSQL 8.4" = PostgreSQL 8.4
"Revo Uninstaller" = Revo Uninstaller 1.92
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Soulseek2" = SoulSeek 157 NS 13e
"STANDARD" = Microsoft Office Standard 2007
"Steinberg Hypersonic VSTi DXi_is1" = Steinberg Hypersonic VSTi DXi v2.0
"Super-Charger_is1" = Super-Charger
"TeamViewer 6" = TeamViewer 6
"TPS_module" = TPS_module (remove only)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zero-X BeatSlicer" = Zero-X BeatSlicer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"pycrypto-py2.7" = Python 2.7 pycrypto-2.1.0
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/18/2012 10:36:40 AM | Computer Name = Snapshot-MSI | Source = MSI Foundation Service | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.NullReferenceException:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei MSI_Fire.MSIFireService.EnumRegistryValue()
bei MSI_Fire.MSIFireService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 1/18/2012 10:36:48 AM | Computer Name = Snapshot-MSI | Source = PostgreSQL | ID = 0
Description = 2012-01-18 15:36:48 CETFATAL: the database system is starting up
Error - 1/18/2012 10:36:50 AM | Computer Name = Snapshot-MSI | Source = PostgreSQL | ID = 0
Description = 2012-01-18 15:36:50 CETFATAL: the database system is starting up
Error - 1/18/2012 10:36:51 AM | Computer Name = Snapshot-MSI | Source = PostgreSQL | ID = 0
Description = 2012-01-18 15:36:51 CETFATAL: the database system is starting up
Error - 1/18/2012 10:36:52 AM | Computer Name = Snapshot-MSI | Source = PostgreSQL | ID = 0
Description = 2012-01-18 15:36:52 CETFATAL: the database system is starting up
Error - 1/18/2012 11:11:48 AM | Computer Name = Snapshot-MSI | Source = PostgreSQL | ID = 0
Description = 2012-01-18 16:11:48 CETERROR: relation "readsettings" already exists
2012-01-18
16:11:48 CETSTATEMENT: CREATE TABLE readsettings ( lastid bigint, lasttournament
bigint, databaseversion text, lastomahacash bigint, lastomahatournament bigint
)
WITH
( OIDS=FALSE ); ALTER TABLE readsettings OWNER TO postgres; insert into readsettings
values(0,0,'12',0,0);
Error - 1/18/2012 11:11:48 AM | Computer Name = Snapshot-MSI | Source = PostgreSQL | ID = 0
Description = 2012-01-18 16:11:48 CETERROR: relation "notecaddy_data" already exists
2012-01-18
16:11:48 CETSTATEMENT: CREATE TABLE notecaddy_data ( player_id integer NOT NULL,
data
text, CONSTRAINT ncd PRIMARY KEY (player_id) ); ALTER TABLE notecaddy_data OWNER TO
postgres;
Error - 1/18/2012 11:11:48 AM | Computer Name = Snapshot-MSI | Source = PostgreSQL | ID = 0
Description = 2012-01-18 16:11:48 CETERROR: relation "notecaddy_scatter" already
exists 2012-01-18 16:11:48 CETSTATEMENT: CREATE TABLE notecaddy_scatter ( player_id
integer NOT NULL, data text, CONSTRAINT ncs PRIMARY KEY (player_id) );
Error - 1/18/2012 11:15:58 AM | Computer Name = Snapshot-MSI | Source = WinMgmt | ID = 10
Description =
Error - 1/18/2012 11:24:30 AM | Computer Name = Snapshot-MSI | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 10/21/2011 11:33:17 AM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/21/2011 11:34:24 AM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/21/2011 12:02:09 PM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/21/2011 12:43:00 PM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/21/2011 4:31:16 PM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/21/2011 4:46:34 PM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/21/2011 5:06:07 PM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/22/2011 7:09:11 AM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/22/2011 7:24:48 AM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 10/22/2011 8:38:33 AM | Computer Name = Snapshot-MSI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
|
|
18.01.2012, 16:52
| #5 |
| /// Malware-holic | wider mal der 50 Euro virusCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2012, 17:18
| #6 |
| | wider mal der 50 Euro virus Combofix Logfile: Code:
ATTFilter ComboFix 12-01-18.04 - Snapshot 18.01.2012 16:59:36.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4073.2658 [GMT 1:00]
ausgeführt von:: c:\users\Snapshot\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20111229104406.125599
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\Snapshot\AppData\Local\a2f760a4\U
c:\users\Snapshot\AppData\Local\a2f760a4\U\80000000.@
c:\users\Snapshot\AppData\Local\a2f760a4\U\800000cb.@
c:\users\Snapshot\AppData\Local\a2f760a4\U\800000cf.@
c:\users\Snapshot\AppData\Local\a2f760a4\X
c:\users\Snapshot\AppData\Local\Temp\jna6137104843751228740.tmp
c:\users\Snapshot\AppData\Local\Temp\swtlib-32\swt-awt-win32-3631.dll
c:\users\Snapshot\AppData\Local\Temp\swtlib-32\swt-win32-3631.dll
c:\users\Snapshot\AppData\Roaming\AcroFF052.dll
c:\users\Snapshot\AppData\Roaming\AcroIEHelpe.txt
c:\users\Snapshot\AppData\Roaming\Mozilla\Firefox\firefox.exe
c:\users\Snapshot\AppData\Roaming\Roaming
c:\users\Snapshot\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\users\Snapshot\AppData\Roaming\srvblck2.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\ICON.ico
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\SET512C.tmp
c:\windows\SysWow64\SET8AED.tmp
c:\windows\SysWow64\SETAD5C.tmp
c:\windows\SysWow64\SETB16B.tmp
c:\windows\SysWow64\SETD323.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-18 bis 2012-01-18 ))))))))))))))))))))))))))))))
.
.
2012-01-18 15:52 . 2012-01-18 15:52 -------- d-----w- c:\users\Snapshot\AppData\Local\ElevatedDiagnostics
2012-01-18 15:23 . 2012-01-18 15:23 -------- d-----w- c:\windows\Sun
2012-01-18 15:10 . 2012-01-18 15:28 -------- d-----w- C:\Betsson
2012-01-16 15:22 . 2012-01-16 15:22 -------- d-----w- c:\users\Snapshot\AppData\Roaming\TeamViewer
2012-01-13 19:40 . 2012-01-13 19:41 -------- d-----w- C:\AVZ
2012-01-13 19:38 . 2012-01-13 19:39 -------- d-----w- c:\program files\CCleaner
2012-01-13 19:18 . 2012-01-18 16:04 -------- d-sh--w- c:\users\Snapshot\AppData\Local\a2f760a4
2012-01-11 00:09 . 2012-01-11 00:09 -------- d-----w- c:\program files (x86)\SpadeIt
2012-01-10 00:43 . 2012-01-10 00:43 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-10 00:43 . 2012-01-10 00:43 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-10 00:43 . 2012-01-10 00:43 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-10 00:43 . 2012-01-10 00:43 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 15:54 . 2012-01-07 15:54 237 ----a-w- C:\user.js
2012-01-07 15:54 . 2012-01-07 15:54 -------- d-----w- c:\users\Snapshot\AppData\Local\Babylon
2012-01-07 15:54 . 2012-01-07 15:54 -------- d-----w- c:\users\Snapshot\AppData\Roaming\Babylon
2012-01-07 15:54 . 2012-01-07 15:54 -------- d-----w- c:\programdata\Babylon
2012-01-07 15:52 . 2012-01-07 15:52 -------- d-----w- c:\program files (x86)\eRightSoft
2012-01-05 00:58 . 2012-01-05 01:03 -------- d-----w- c:\program files (x86)\TableNinja
2012-01-05 00:20 . 2012-01-10 22:19 -------- d-----w- c:\program files (x86)\Star Spy Plus
2012-01-03 15:02 . 2012-01-03 15:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
2012-01-03 00:37 . 2012-01-03 00:37 -------- d-----w- c:\users\Snapshot\AppData\Roaming\Mozilla-Cache
2012-01-03 00:36 . 2012-01-03 00:36 -------- d-----w- C:\Programs
2012-01-02 22:53 . 2012-01-02 23:31 -------- d-----w- c:\users\Snapshot\AppData\Roaming\Microgaming
2012-01-02 22:51 . 2012-01-02 22:51 -------- d-----w- c:\programdata\MGS
2011-12-28 22:44 . 2011-12-29 15:51 -------- d-----w- c:\program files (x86)\UVSPoker
2011-12-27 21:59 . 2011-12-27 21:59 -------- d-----w- C:\Python27
2011-12-27 21:36 . 2011-12-27 21:36 -------- d-----w- c:\users\Snapshot\.idlerc
2011-12-27 13:41 . 2011-12-27 13:41 -------- d-----w- c:\users\Snapshot\AppData\Local\Amazon
2011-12-26 21:54 . 2011-12-26 21:54 -------- d-----w- c:\users\Snapshot\temp
2011-12-26 18:22 . 2011-12-26 18:22 -------- d---a-w- c:\program files (x86)\Cake Poker 2.0
2011-12-26 14:54 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5159B678-3F08-4742-AC8F-2681BC946E49}\mpengine.dll
2011-12-25 22:06 . 2012-01-18 16:04 -------- d-----w- c:\programdata\boost_interprocess
2011-12-25 18:18 . 2011-12-25 18:18 -------- d-----w- c:\users\Snapshot\.swt
2011-12-19 19:54 . 2011-12-19 19:54 -------- d-----w- c:\users\Snapshot\AppData\Local\Hold'em_Manager
2011-12-19 19:53 . 2012-01-04 18:02 -------- d-----w- C:\HM2Archive
2011-12-19 19:51 . 2012-01-18 15:11 -------- d-----w- c:\users\Snapshot\AppData\Roaming\HoldemManager
2011-12-19 19:48 . 2012-01-17 00:18 -------- d-----w- c:\program files (x86)\Holdem Manager 2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-12-11 23:50 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 13:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 20:40 . 2011-11-08 20:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-08 20:40 . 2011-11-08 20:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-08 20:40 . 2011-11-08 20:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-08 20:40 . 2011-11-08 20:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-08 20:40 . 2011-11-08 20:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-08 20:40 . 2011-11-08 20:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-08 20:40 . 2011-11-08 20:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-08 20:40 . 2011-11-08 20:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-08 20:40 . 2011-11-08 20:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-08 20:40 . 2011-11-08 20:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-08 20:40 . 2011-11-08 20:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-08 20:40 . 2011-11-08 20:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-08 20:40 . 2011-11-08 20:40 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-08 20:40 . 2011-11-08 20:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-08 20:40 . 2011-11-08 20:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-08 20:40 . 2011-11-08 20:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-08 20:40 . 2011-11-08 20:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-08 20:40 . 2011-11-08 20:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-08 20:40 . 2011-11-08 20:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-08 20:40 . 2011-11-08 20:40 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-08 20:40 . 2011-11-08 20:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-08 20:40 . 2011-11-08 20:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-08 20:40 . 2011-11-08 20:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-08 20:40 . 2011-11-08 20:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-08 20:40 . 2011-11-08 20:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-08 20:40 . 2011-11-08 20:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-08 20:40 . 2011-11-08 20:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-08 20:40 . 2011-11-08 20:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-08 20:40 . 2011-11-08 20:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-08 20:40 . 2011-11-08 20:40 448512 ----a-w- c:\windows\system32\html.iec
2011-11-08 20:40 . 2011-11-08 20:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-08 20:40 . 2011-11-08 20:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-08 20:40 . 2011-11-08 20:40 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-08 20:40 . 2011-11-08 20:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-08 20:40 . 2011-11-08 20:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-08 20:40 . 2011-11-08 20:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-08 20:40 . 2011-11-08 20:40 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-08 20:40 . 2011-11-08 20:40 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-11-08 20:40 . 2011-11-08 20:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-08 20:40 . 2011-11-08 20:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-08 20:40 . 2011-11-08 20:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-08 20:40 . 2011-11-08 20:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-07 22:04 . 2011-06-18 14:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-01-01 110352]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"NVIDIAOCAP"="c:\program files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe" [2010-10-20 83456]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"msi LED Manager"="c:\program files (x86)\msi\msi LED Manager\SLM.exe" [2010-07-29 2795008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-01-25 303104]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-11-06 2244608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Cinema ProII Controler"=c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
"Live Update 5"=c:\program files (x86)\MSI\Live Update 5\LU5.exe /reminder
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-07-15 1188616]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMHID;BTMHID;c:\windows\system32\drivers\btmhid.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\drivers\fspad_xp64.sys [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-07-16 679176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-24 378984]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-07-27 4150536]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-16 1028096]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\drivers\fspad_wlh64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-14 11777128]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=523d542f0000000000008ca98241d4d3
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\users\Snapshot\AppData\Roaming\Mozilla\Firefox\Profiles\n1sg5p09.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=523d542f0000000000008ca98241d4d3&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 523d542f0000000000008ca98241d4d3
FF - user.js: extensions.BabylonToolbar_i.hardId - 523d542f0000000000008ca98241d4d3
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-TiltBreaker - c:\program files (x86)\Tilt Breaker\rundll32.exe
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
Wow6432Node-HKCU-Run-Firefox helper - c:\users\Snapshot\AppData\Roaming\Mozilla\Firefox\firefox.exe
Wow6432Node-HKLM-Run-TiltBreaker - c:\program files (x86)\Tilt Breaker\rundll32.exe
Toolbar-Locked - (no file)
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
AddRemove-Final Fantasy VII - c:\windows\IsUn0407.exe
AddRemove-SAMSUNG Mobile USB Modem 1.0 - c:\windows\system32\Samsung\SS_Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-18 17:10:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-18 16:10
.
Vor Suchlauf: 17 Verzeichnis(se), 244.398.845.952 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 244.174.495.744 Bytes frei
.
- - End Of File - - 9AF4563D4BFA10586297D50449DA9EBC
|
|
18.01.2012, 17:22
| #7 |
| /// Malware-holic | wider mal der 50 Euro virus öffne bitte computer, c: qoobox rechtsklick quarantain, mit winrar packen und archiv hochladen bitte http://upload.trojaner-board.de
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2012, 17:29
| #8 |
| | wider mal der 50 Euro virus erledigt!!! |
|
18.01.2012, 17:31
| #9 |
| /// Malware-holic | wider mal der 50 Euro virus danke dir. nutzt du das system für onlinebanking, einkäufe sonstige zahlungsabwicklungn oder ähnlich wichtiges, wie zb berufliches?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2012, 19:06
| #10 |
| | wider mal der 50 Euro virus ja tu ich...its das im nachinein problematisch? |
|
18.01.2012, 20:10
| #11 |
| /// Malware-holic | wider mal der 50 Euro virus hi, ja das ist problematisch,denn du hattest ein rootkit auf dem pc, und er ist damit nicht mehr vertrauenswürdig. 1. morgen als erstes die bank anrufen, banking sperren lassen wegen max++ rootkit. (falls du onlinebanking machst.) der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu wider mal der 50 Euro virus |
| 50 euro, 50 euro virus, euro, poste, scan, scanne, scannen, troja, trojaner, virus, wider |
Linear-Darstellung
