
Log Analysis and Evaluation: explorer.exe infected


28.08.2010, 20:22   #1
magy



Hello everyone,

my Explorer has been crashing frequently for a few days.
I checked explorer.exe on VirusTotal and 3 of the 41 say infected/modified.

VirusTotal - Free Online Virus, Malware and URL Scanner

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:57, on 28.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Net\DTAgent.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Tango - {5FBA0E3E-786B-42EE-B8C0-2ADB116384C9} - C:\Windows\SysWow64\3a78.dll (file missing)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Net Agent] "C:\Program Files (x86)\DAEMON Tools Net\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWow64\DreamScene.dll (file missing)
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: DTNetService - DT Soft Ltd - C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9961 bytes
         
--- --- ---

I'm grateful for any tip!!

28.08.2010, 20:54   #2
Chris4You



Hi,

is that a 64-bit system? There are few tools that work properly there...

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for updates")
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created (OTL.TXT and EXTRAS.TXT)
  • Post the logfiles here in the thread

When does Explorer crash, when you open directories that contain pictures/videos?

chris

28.08.2010, 21:15   #3
magy



Thanks for the quick reply.
Basically I can't say when; it is always different.
However, when I click check for updates in Logitech SetPoint it also crashes, and there it always does.

But is it normal that the VirusTotal check shows a trojan or malware in this exe file??

It is a 64-bit system.
I have already run Malwarebytes over it umpteen times; it didn't help.

OTL logfile:
Code:
OTL logfile created on: 28.08.2010 22:11:40 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\magy\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 39.59 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 13.40 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGY-PC
Current User Name: magy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\magy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\magy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (DTNetService) -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Inc)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (dtcdrom) -- C:\Windows\SysWOW64\drivers\dtcdrom.sys (Disc-Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 C1 35 FA 83 55 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.the-sealanders.ch/paintball/index.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.08.22 19:33:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
 
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.28 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions
[2010.03.27 17:08:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.08.28 19:01:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.25 14:01:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 15:50:17 | 000,001,820 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {5FBA0E3E-786B-42EE-B8C0-2ADB116384C9} - C:\Windows\SysWow64\3a78.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWow64\DreamScene.dll File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.28 15:38:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell\AutoRun\command - "" = G:\STEAMBACKUP.EXE -- File not found
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.28 22:10:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\magy\Desktop\OTL.exe
[2010.08.28 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\CrashDumps
[2010.08.28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Backup
[2010.08.28 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C-CHANNEL
[2010.08.28 19:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.08.28 17:09:53 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\Anti-Malware
[2010.08.28 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.08.28 16:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.08.28 16:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.08.28 16:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.08.28 16:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.08.28 15:48:48 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.08.28 15:37:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.08.27 17:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010.08.27 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Malwarebytes
[2010.08.27 17:44:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.27 17:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.27 16:10:46 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Logishrd
[2010.08.27 16:10:17 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.08.27 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.08.27 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010.08.27 16:05:42 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Logishrd
[2010.08.27 12:41:37 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2010.08.27 11:55:41 | 000,234,048 | ---- | C] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.26 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.08.26 18:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.08.25 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.08.25 14:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.08.25 14:01:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.08.25 14:01:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.08.25 14:01:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.08.25 14:01:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.25 11:06:20 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.08.24 16:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.08.24 16:00:13 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.08.24 16:00:13 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.08.24 16:00:13 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.08.24 16:00:13 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.08.24 16:00:12 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.08.24 16:00:12 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.08.24 16:00:12 | 000,382,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.08.24 16:00:12 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.08.24 16:00:10 | 012,471,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.08.24 16:00:10 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.08.24 16:00:10 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.08.24 16:00:10 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.08.24 16:00:10 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.08.24 16:00:09 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.08.24 16:00:09 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.08.24 16:00:09 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.08.24 16:00:09 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.08.24 16:00:09 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.08.24 16:00:09 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010.08.24 16:00:09 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.08.23 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\id Software
[2010.08.23 20:34:47 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.08.22 19:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.08.22 19:36:41 | 000,000,000 | ---D | C] -- C:\Users\magy\Adobe Flash Builder 4
[2010.08.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.08.22 19:30:05 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.08.22 19:30:05 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.08.22 19:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.08.22 18:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Net
[2010.08.22 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Net
[2010.08.22 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Net
[2010.08.14 17:10:21 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Sunbelt Software
[2010.08.14 17:09:43 | 000,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 16:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.08.14 12:24:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\tysepamao
[2010.08.14 12:24:41 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\xydepqlqn
[2010.08.14 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Windows Server
[2010.08.14 12:24:25 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\E489084B2DBCBD550FA6616675C2950C
[2010.08.11 17:51:08 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.11 17:50:57 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.11 17:50:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.11 17:50:57 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 17:50:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 17:50:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.11 17:50:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.11 17:50:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 17:50:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 17:50:50 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 17:50:49 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.11 17:50:49 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.28 22:13:13 | 008,126,464 | -HS- | M] () -- C:\Users\magy\ntuser.dat
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:28:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.28 20:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.28 20:28:16 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.28 20:27:23 | 001,971,437 | -H-- | M] () -- C:\Users\magy\AppData\Local\IconCache.db
[2010.08.28 20:21:21 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini
[2010.08.28 20:21:16 | 000,000,231 | ---- | M] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.08.27 16:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\magy\Desktop\OTL.exe
[2010.08.27 16:10:17 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 15:58:32 | 004,984,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.27 14:54:08 | 000,112,160 | ---- | M] () -- C:\Users\magy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 11:55:41 | 000,234,048 | ---- | M] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.27 00:29:20 | 000,310,784 | ---- | M] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.26 18:10:33 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.26 18:10:33 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.26 18:10:33 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.26 18:10:33 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.26 18:10:33 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.25 12:43:00 | 000,000,568 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.25 12:28:57 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:27:06 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:40 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.23 20:43:28 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.22 18:55:44 | 000,502,256 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.08.16 19:50:17 | 000,028,160 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.16 19:50:03 | 000,185,149 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 17:09:43 | 000,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 16:29:33 | 000,003,080 | ---- | M] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:19:26 | 000,004,096 | -H-- | M] () -- C:\Users\magy\AppData\Local\keyfile3.drm
[2010.08.12 19:17:25 | 001,532,859 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.12 19:17:16 | 002,858,496 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.12 19:12:16 | 000,520,644 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 13:53:49 | 001,532,040 | ---- | M] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:51:02 | 001,445,000 | ---- | M] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:36 | 000,445,840 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.05 16:43:55 | 000,011,159 | ---- | M] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 20:21:16 | 000,000,231 | ---- | C] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 00:29:19 | 000,310,784 | ---- | C] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.25 12:28:57 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:12:13 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:28 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.16 19:50:03 | 000,185,149 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 16:29:31 | 000,003,080 | ---- | C] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:19:26 | 000,004,096 | -H-- | C] () -- C:\Users\magy\AppData\Local\keyfile3.drm
[2010.08.12 19:13:47 | 000,520,644 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 14:06:53 | 000,028,160 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.06 13:57:35 | 001,532,859 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.06 13:52:34 | 001,532,040 | ---- | C] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:50:40 | 001,445,000 | ---- | C] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:47 | 000,445,840 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.06 13:15:48 | 002,858,496 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.05 16:09:18 | 000,011,159 | ---- | C] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[2010.07.03 15:57:53 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
[2010.07.03 15:57:19 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2010.07.03 15:57:19 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2010.04.09 22:54:23 | 000,003,584 | ---- | C] () -- C:\Users\magy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.09 20:05:14 | 000,000,600 | ---- | C] () -- C:\Users\magy\AppData\Roaming\winscp.rnd
[2009.12.28 02:26:05 | 000,000,568 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.27 13:35:33 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009.12.03 19:36:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.12.03 19:36:15 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.12.02 13:13:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.12.02 13:13:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.24 22:26:12 | 000,001,609 | ---- | C] () -- C:\ProgramData\afl.log
[2009.11.16 16:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009.10.27 08:19:44 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2009.10.27 08:19:44 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009.10.27 08:19:44 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009.10.27 08:08:46 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.25 20:25:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 20:01:50 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2009.10.25 19:49:00 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.25 18:19:11 | 000,292,878 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}production_install_pkg.ico
[2009.10.25 18:19:11 | 000,068,724 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}aul.xml
[2009.10.25 18:19:11 | 000,014,628 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}banner.png
[2009.10.25 18:19:11 | 000,012,158 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}application.sif
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
         


Extras Logfile: OTL Logfile:
Code:
OTL Extras logfile created on: 28.08.2010 22:11:40 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\magy\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 39.59 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 13.40 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGY-PC
Current User Name: magy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D01D10FC-9454-4C51-9A31-34F9FC1EFFCF}" = Logitech G35
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DCF21FE-A8CB-41DE-AEA3-D5FBEF108CD5}" = Microsoft Office Outlook-Minianwendungen für Windows SideShow
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FBA0E3E-786B-42EE-B8C0-2ADB116384C9}" = Tango
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.2.1
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"LimeWire" = LimeWire PRO 5.3.6
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trapcode 3DStroke" = Trapcode 3DStroke
"Trapcode Form" = Trapcode Form
"Trapcode Lux" = Trapcode Lux
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.3
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2010 10:52:34 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 10:52:48 | Computer Name = magy-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 28.08.2010 10:52:48 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 12:50:18 | Computer Name = magy-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 28.08.2010 12:50:18 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 12:50:19 | Computer Name = magy-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 28.08.2010 12:50:19 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 14:25:51 | Computer Name = magy-PC | Source = MsiInstaller | ID = 11905
Description = 
 
Error - 28.08.2010 14:47:25 | Computer Name = magy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\activision\wolfenstein\MP\serverlauncher.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 28.08.2010 15:16:32 | Computer Name = magy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Ausnahmecode: 0xc000041d  Fehleroffset: 0x000000000002cc2b
ID
 des fehlerhaften Prozesses: 0x530  Startzeit der fehlerhaften Anwendung: 0x01cb46ded334bd20
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\Explorer.EXE  Berichtskennung: c3ec9ca0-b2d8-11df-b202-002354078035
 
[ System Events ]
Error - 28.08.2010 14:12:00 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 28.08.2010 14:13:24 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 28.08.2010 14:20:52 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.08.2010 14:28:11 | Computer Name = magy-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\drivers\SBREdrv.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.08.2010 14:28:32 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 28.08.2010 14:29:21 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows CardSpace erreicht.
 
Error - 28.08.2010 14:29:21 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows CardSpace" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 28.08.2010 14:29:26 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 28.08.2010 14:30:49 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Diagnosediensthost" wurde nicht richtig gestartet.
 
Error - 28.08.2010 14:30:49 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
[ TuneUp Events ]
Error - 22.02.2010 15:22:43 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:22:43 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:23:18 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:23:18 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:23:18 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         

28.08.2010, 21:22   #4
magy

hxxp://www.virustotal.com/file-scan/report.html?id=958e0d171dec9bc374328f94988b36e8a39433948a661e7c7538c1af0586bdf2-1283007451

Take a look at this

Here is the Malwarebytes log file anyway:

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4495

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.08.2010 22:23:36
mbam-log-2010-08-28 (22-23-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137898
Laufzeit: 3 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

28.08.2010, 21:35   #5
Chris4You

Hi,

what do you have installed from Sunbelt, and what does MAM say?

One of the errors in the log points to a Sunbelt driver:
Quote:
Error - 28.08.2010 14:28:11 | Computer Name = magy-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\drivers\SBREdrv.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
I don't like this:
[2010.08.14 12:24:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\tysepamao
[2010.08.14 12:24:41 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\xydepqlqn

[2009.12.27 13:35:33 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik



Please check the following files:

Have files checked online:
  • Go to the VirusTotal site, click the "Browse" button
    and select the following file(s):
Code:
ATTFilter
C:\Windows\SysWow64\pbsvc.exe
(Probably PunkBuster!)
C:\ProgramData\xqkcebzs.dik
         
  • Now upload each file in turn and wait until the scan has finished. (This can take up to 2 minutes.)
  • Afterwards, post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!

Has the machine been infected before?
Please post the VirusTotal results (for explorer.exe)...

Please run MAM in full-scan mode (if that hasn't been done already)...

chris

__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Edited by Chris4You (28.08.2010 at 21:51)

28.08.2010, 21:53   #6
magy

pbsvc, yes, that is the PunkBuster service, and according to VT it is clean.
The other file is also clean according to VT.
The explorer.exe log from VT from this afternoon:

Quote:
AhnLab-V3 2010.08.29.00 2010.08.28 -
AntiVir 8.2.4.46 2010.08.28 -
Antiy-AVL 2.0.3.7 2010.08.26 -
Authentium 5.2.0.5 2010.08.28 -
Avast 4.8.1351.0 2010.08.28 -
Avast5 5.0.594.0 2010.08.28 Win32:Bamital-X
AVG 9.0.0.851 2010.08.28 -
BitDefender 7.2 2010.08.28 -
CAT-QuickHeal 11.00 2010.08.28 -
ClamAV 0.96.2.0-git 2010.08.28 -
Comodo 5888 2010.08.28 -
DrWeb 5.0.2.03300 2010.08.28 -
Emsisoft 5.0.0.37 2010.08.28 -
eSafe 7.0.17.0 2010.08.26 -
eTrust-Vet 36.1.7823 2010.08.27 -
F-Prot 4.6.1.107 2010.08.28 -
F-Secure 9.0.15370.0 2010.08.28 -
Fortinet 4.1.143.0 2010.08.28 -
GData 21 2010.08.28 -
Ikarus T3.1.1.88.0 2010.08.28 -
Jiangmin 13.0.900 2010.08.28 -
Kaspersky 7.0.0.125 2010.08.28 -
McAfee 5.400.0.1158 2010.08.28 -
McAfee-GW-Edition 2010.1B 2010.08.28 -
Microsoft 1.6103 2010.08.28 -
NOD32 5404 2010.08.28 -
Norman 6.05.11 2010.08.28 -
nProtect 2010-08-28.01 2010.08.28 -
PCTools 7.0.3.5 2010.08.28 -
Prevx 3.0 2010.08.28 -
Rising 22.62.05.03 2010.08.28 -
Sophos 4.56.0 2010.08.28 -
Sunbelt 6806 2010.08.28 -
SUPERAntiSpyware 4.40.0.1006 2010.08.28 -
Symantec 20101.1.1.7 2010.08.28 WS.Reputation.1
TheHacker 6.5.2.1.356 2010.08.26 -
TrendMicro 9.120.0.1004 2010.08.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.28 -
VBA32 3.12.14.0 2010.08.27 -
ViRobot 2010.8.28.4013 2010.08.28 Win32.Patched.AF
VirusBuster 5.0.27.0 2010.08.27 -
Additional information
MD5 : 5c8ec18438b0709795683256c5deca4d
SHA1 : c9bc24ca2795f1aef9bab168fccf4589a04327f6
SHA256: 958e0d171dec9bc374328f94988b36e8a39433948a661e7c7538c1af0586bdf2


Sunbelt doesn't ring a bell. I also haven't found anything under that name on the computer. How should I proceed??

28.08.2010, 21:54   #7
magy

Does Sunbelt maybe have something to do with Java??

28.08.2010, 21:57   #8
magy

I have deleted these

[2010.08.14 12:24:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\tysepamao
[2010.08.14 12:24:41 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\xydepqlqn

[2009.12.27 13:35:33 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

files.

I posted the MAM log file above, and as I understand it there were no detections.

28.08.2010, 22:05   #9
Chris4You

Hi,

firewall: Sunbelt, Kerio etc....

Have you run MAM in full-scan mode yet?

Unfortunately CF doesn't run on 64-bit... I don't really believe it's an Explorer patch...

Let's see:
Download SystemLook from one of the following links and save the tool to the desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jpshortstuff/SystemLook.exe
  • Double-click SystemLook.exe to start the tool.
  • Vista users: right-click and run as administrator.
  • Copy the contents of the following code box into the tool's text field:

Code:
ATTFilter
:filefind
explorer.exe
         
  • Now click the Look button to start the scan.
When the scan has finished, your editor will open with the results; post them here in the thread.
The results are saved on the desktop as SystemLook.txt.

Prevx:
The tool is prone to false positives and the free version cannot delete anything, but otherwise it is quite good... (and it also runs on 64-bit platforms)
Prevx 3.0 for Home and Family
If the tool finds something, don't post the log; post a screenshot of the window that is then displayed...

chris

28.08.2010, 22:17   #10
magy

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:15 on 28/08/2010 by magy (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:34 31/10/2009] 5C8EC18438B0709795683256C5DECA4D
C:\Windows\System32\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\SysWOW64\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe --a--- 2868224 bytes [23:56 13/07/2009] [01:39 14/07/2009] C235A51CB740E45FFA0EBFB9BAFCDA64
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe --a--- 2868224 bytes [15:05 25/10/2009] [06:17 03/08/2009] F170B4A061C9E026437B193B4D571799
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:34 31/10/2009] 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe --a--- 2868224 bytes [15:05 25/10/2009] [06:19 03/08/2009] 700073016DAC1C3D2E7E2CE4223334B6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:38 31/10/2009] B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe --a--- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe --a--- 2613248 bytes [15:05 25/10/2009] [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe --a--- 2613248 bytes [15:05 25/10/2009] [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917

-=End Of File=-
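
An added example (not part of the thread and not SystemLook's own code): one way to read the filefind output above is to compare each deployed explorer.exe against the WinSxS component-store copies by MD5, and to flag a deployed file whose size and both timestamps equal a store copy's while its hash differs. The sample input is six result lines copied from the post; the function names and the status labels "match", "mismatch" and "unknown" are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Sample input: header line plus six result lines copied from the post above.
SAMPLE = r"""
Searching for "explorer.exe"
C:\Windows\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:34 31/10/2009] 5C8EC18438B0709795683256C5DECA4D
C:\Windows\SysWOW64\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:34 31/10/2009] 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:38 31/10/2009] B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917
"""

# One result line: path, six attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attr>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store directory name: <arch>_<component>_<token>_<version>_...
STORE_RE = re.compile(
    r"\\winsxs\\(?P<arch>[a-z0-9]+)_(?P<component>[^_\\]+)_[0-9a-f]+_(?P<version>[0-9.]+)_",
    re.IGNORECASE,
)


class Entry(NamedTuple):
    path: str
    size: int
    ts1: str                 # the two timestamps are compared as opaque strings
    ts2: str
    md5: str
    arch: Optional[str]      # None for a deployed (non-WinSxS) copy
    version: Optional[str]


def parse(text: str) -> list:
    """Return one Entry per result line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        s = STORE_RE.search(m["path"])
        entries.append(Entry(
            m["path"], int(m["size"]), m["ts1"], m["ts2"], m["md5"].upper(),
            s["arch"].lower() if s else None,
            s["version"] if s else None,
        ))
    return entries


def audit(entries: list) -> dict:
    """Map each deployed path to (status, [store copies it was judged against]).

    match    - some store copy has the identical MD5
    mismatch - no MD5 match, but a store copy has the same size and timestamps,
               i.e. the content differs while the metadata is identical
    unknown  - nothing in the store is comparable
    """
    store = [e for e in entries if e.version is not None]
    result = {}
    for e in (x for x in entries if x.version is None):
        same_hash = [s for s in store if s.md5 == e.md5]
        if same_hash:
            result[e.path] = ("match", [f"{s.arch} {s.version}" for s in same_hash])
            continue
        twins = [s for s in store
                 if (s.size, s.ts1, s.ts2) == (e.size, e.ts1, e.ts2)]
        if twins:
            result[e.path] = ("mismatch", [f"{s.arch} {s.version}" for s in twins])
        else:
            result[e.path] = ("unknown", [])
    return result


if __name__ == "__main__":
    for path, (status, refs) in audit(parse(SAMPLE)).items():
        print(f"{status:8} {path}  vs  {', '.join(refs) or '-'}")
```

A "mismatch" only says the deployed file's content differs from the store copy with identical metadata; it is a reason to inspect the file further, not a verdict on its own.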

28.08.2010, 22:24   #11
magy

I can't figure out what from Sunbelt is installed

Yes, MAM ran in full-scan mode yesterday and found nothing. That one, however, is from today and was only a small scan

28.08.2010, 22:38   #12
Chris4You

Hi,

the Prevx message would have been enough ;o)

What about the rest?

Custom scan with OTL:

* Please start OTL.exe.
Vista/Win7 users: right-click and "run as administrator"
* Now copy the contents into the text box.


Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
* Now please close all programs. (Important)
* Now please click the Quick Scan button.
* Click OK.
* Now copy the contents of OTL.txt and Extra.txt here into your thread

chris

28.08.2010, 22:52   #13
magy

The scan is running. Which rest do you mean?

28.08.2010, 23:07   #14
magy

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.08.2010 23:49:57 - Run 3
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\magy\Desktop\Malware
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 40.20 Gb Free Space | 21.59% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 13.40 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 26.05 Gb Free Space | 5.59% Space Free | Partition Type: NTFS
 
Computer Name: MAGY-PC
Current User Name: magy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\magy\Desktop\Malware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\magy\Desktop\Malware\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (DTNetService) -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (pxscan) -- C:\Windows\SysNative\drivers\pxscan.sys File not found
DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys File not found
DRV:64bit: - (pxkbf) -- C:\Windows\SysNative\drivers\pxkbf.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Inc)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (dtcdrom) -- C:\Windows\SysWOW64\drivers\dtcdrom.sys (Disc-Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 C1 35 FA 83 55 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.the-sealanders.ch/paintball/index.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.08.22 19:33:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
 
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.28 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions
[2010.03.27 17:08:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.08.28 23:36:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 15:50:17 | 000,001,820 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0 more lines...
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {5FBA0E3E-786B-42EE-B8C0-2ADB116384C9} - C:\Windows\SysWow64\3a78.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWow64\DreamScene.dll File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.28 15:38:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell\AutoRun\command - "" = G:\STEAMBACKUP.EXE -- File not found
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe - File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: Logitech G35 - hkey= - key= - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: vidc.ffds - C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.28 23:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.08.28 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\magy\Desktop\Malware
[2010.08.28 23:17:42 | 000,060,928 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-11027991
[2010.08.28 23:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.08.28 22:19:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.28 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.28 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\CrashDumps
[2010.08.28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Backup
[2010.08.28 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C-CHANNEL
[2010.08.28 19:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.08.28 17:09:53 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\Anti-Malware
[2010.08.28 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.08.28 16:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.08.28 15:48:48 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.08.28 15:37:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.08.27 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Malwarebytes
[2010.08.27 17:44:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.27 16:10:46 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Logishrd
[2010.08.27 16:10:17 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.08.27 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010.08.27 16:05:42 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Logishrd
[2010.08.27 12:41:37 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2010.08.27 11:55:41 | 000,234,048 | ---- | C] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.26 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.08.26 18:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.08.25 14:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.24 16:00:13 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.08.24 16:00:13 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.08.23 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\id Software
[2010.08.23 20:34:47 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.08.22 19:36:41 | 000,000,000 | ---D | C] -- C:\Users\magy\Adobe Flash Builder 4
[2010.08.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.08.22 19:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.08.22 18:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Net
[2010.08.22 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Net
[2010.08.14 17:10:21 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Sunbelt Software
[2010.08.14 17:09:43 | 000,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Windows Server
[2010.08.14 12:24:25 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\E489084B2DBCBD550FA6616675C2950C
[2010.07.13 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Avira
[2010.07.13 17:53:35 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.07.13 17:53:35 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.07.13 17:53:35 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.07.13 17:53:35 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.07.13 17:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.06.29 23:31:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.06.29 23:31:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.06.27 00:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.27 00:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.06.27 00:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 00:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.06.07 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Blender Foundation
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.28 23:49:52 | 008,126,464 | -HS- | M] () -- C:\Users\magy\ntuser.dat
[2010.08.28 23:36:23 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.28 23:36:23 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.28 23:36:23 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.28 23:36:23 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.28 23:36:23 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.28 23:17:42 | 000,060,928 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-11027991
[2010.08.28 23:17:34 | 000,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:28:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.28 20:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.28 20:28:16 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.28 20:21:21 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini
[2010.08.28 20:21:16 | 000,000,231 | ---- | M] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.08.27 16:10:17 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 15:58:32 | 004,984,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 11:55:41 | 000,234,048 | ---- | M] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.27 00:29:20 | 000,310,784 | ---- | M] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.25 12:43:00 | 000,000,568 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.25 12:28:57 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:27:06 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:40 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.23 20:43:28 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.22 18:55:44 | 000,502,256 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.08.16 19:50:17 | 000,028,160 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.16 19:50:03 | 000,185,149 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 17:09:43 | 000,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 16:29:33 | 000,003,080 | ---- | M] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:17:25 | 001,532,859 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.12 19:17:16 | 002,858,496 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.12 19:12:16 | 000,520,644 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 13:53:49 | 001,532,040 | ---- | M] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:51:02 | 001,445,000 | ---- | M] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:36 | 000,445,840 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.05 16:43:55 | 000,011,159 | ---- | M] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[2010.07.13 18:00:38 | 000,000,600 | ---- | M] () -- C:\Users\magy\AppData\Roaming\winscp.rnd
[2010.07.10 00:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.07.10 00:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.07.10 00:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.06.12 03:02:31 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 23:17:27 | 000,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.28 20:21:16 | 000,000,231 | ---- | C] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 00:29:19 | 000,310,784 | ---- | C] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.25 12:28:57 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:12:13 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:28 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.16 19:50:03 | 000,185,149 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 16:29:31 | 000,003,080 | ---- | C] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:13:47 | 000,520,644 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 14:06:53 | 000,028,160 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.06 13:57:35 | 001,532,859 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.06 13:52:34 | 001,532,040 | ---- | C] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:50:40 | 001,445,000 | ---- | C] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:47 | 000,445,840 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.06 13:15:48 | 002,858,496 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.05 16:09:18 | 000,011,159 | ---- | C] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[2010.07.03 15:57:53 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
[2010.07.03 15:57:19 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2010.07.03 15:57:19 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe
[2010.07.03 15:57:19 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2010.02.09 20:05:14 | 000,000,600 | ---- | C] () -- C:\Users\magy\AppData\Roaming\winscp.rnd
[2009.12.28 02:26:05 | 000,000,568 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.03 19:36:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.12.03 19:36:15 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.12.02 13:13:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.12.02 13:13:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.16 16:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009.10.27 08:19:44 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2009.10.27 08:19:44 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009.10.27 08:19:44 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009.10.27 08:08:46 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.25 20:25:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 20:01:50 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2009.10.25 19:49:00 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.06.07 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Blender Foundation
[2010.01.14 22:27:55 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Canneverbe_Limited
[2010.04.14 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Command and Conquer 4
[2009.10.25 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Lite
[2010.08.22 19:17:27 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Net
[2010.08.14 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\E489084B2DBCBD550FA6616675C2950C
[2010.04.23 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\FileZilla
[2010.01.17 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\IrfanView
[2009.10.28 18:42:36 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Leadertech
[2010.08.26 18:11:31 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\LimeWire
[2010.08.28 20:22:35 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\MAXON
[2009.12.02 22:23:17 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\NetMeter
[2009.12.31 01:32:51 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\ProtectDisc
[2010.01.20 21:21:30 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\TS3Client
[2009.10.27 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\TuneUp Software
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.05.08 21:44:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< c:\windows\system32\*.dll /lockedfiles >
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2010.08.23 20:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Activision
[2010.08.28 20:19:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009.10.25 18:18:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alcohol Soft
[2009.12.26 18:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Analog Devices
[2009.12.03 19:36:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2009.10.28 23:46:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010.07.13 17:53:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2010.08.28 20:21:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\C-CHANNEL
[2009.11.22 17:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2009.10.25 19:41:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010.08.28 20:23:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010.03.27 17:08:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010.08.22 18:55:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Net
[2009.10.25 17:42:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2009.12.01 23:23:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2009.12.27 23:18:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2010.08.14 16:42:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2010.04.16 21:07:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Endress+Hauser
[2010.04.22 18:05:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.08.28 20:21:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.08.11 21:54:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010.07.13 17:59:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2010.06.27 00:43:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010.08.25 14:01:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010.08.27 12:27:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jdowner
[2010.05.17 18:50:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2009.10.28 18:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2010.08.28 22:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009.10.25 19:45:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010.08.26 18:06:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009.10.25 19:45:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009.10.25 19:43:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009.10.27 01:43:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2009.11.04 18:17:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2010.08.11 17:55:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009.12.30 18:21:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mkv2vob
[2010.08.28 15:42:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009.10.25 19:45:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009.10.28 04:00:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010.08.22 19:30:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Company Name
[2010.08.26 18:08:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010.08.24 16:01:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.08.22 19:45:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ProtectDisc
[2010.06.27 00:41:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010.08.25 12:43:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2010.08.28 20:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009.10.25 19:42:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Teamspeak2_RC2
[2010.08.28 19:00:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009.07.14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009.12.02 00:11:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010.05.12 21:16:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009.10.25 17:05:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009.07.14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009.10.26 19:21:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows SideShow
[2009.12.02 13:13:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xvid
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
         
There was no Extra.txt this time.
--- --- ---

Alt 29.08.2010, 00:18   #15
Chris4You
 

Hi,

I'll look at the OTL log tomorrow...

BUT which explorer did you have checked?
C:\Windows\explorer.exe
C:\Windows\System32\explorer.exe
Check both of them... one of them does seem to be "doped" after all... and under Vista the correct one is located in c:\windows...

chris