|
Pests of all kinds and how to fight them: Microsoft Security Essentials Alert - Windows 7 |
18.09.2010, 17:46 | #1 |
| Hello, AntiVir has just reported (on a different PC, of course) that I have picked up a few viruses. All programs closed and a fake Microsoft Security Essentials Alert window is now always there. I have already looked through many tutorials that describe how to remove this message, but I can't get past the first step in any of them. The reason is that I can't open the Task Manager or any other programs (not in safe mode either). Consequently I also can't post any logs from HijackThis etc. Can any of you help me? How can I remove the virus anyway? Thanks in advance. |
18.09.2010, 17:57 | #2 |
/// Malware-holic | Can you get into safe mode without networking? Can you work there? |
18.09.2010, 18:15 | #3 |
| Yes, I can start it, but programs don't open there either. |
18.09.2010, 18:22 | #4 |
/// Malware-holic | 3. Download OTLPE.iso: http://oldtimer.geekstogo.com/OTLPE.iso and burn it to a CD with ISOBurner.
• When the download has finished, double-click the file, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created. If you don't know how to get your computer to boot from the CD, follow these steps: How to Set BIOS to Boot from CDROM - www.hiren.info
• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.
• OTL should now start.
• Press Run Scan to start the scan.
• When it has finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs. |
18.09.2010, 18:37 | #5 |
| Your link for OTLPE.iso doesn't work. Everywhere on the internet I can only find the file as an .exe. Can you give me another download link? |
18.09.2010, 18:44 | #6 |
/// Malware-holic |
18.09.2010, 19:13 | #7 |
| During the scan the following error message appears: Access violation at adress 0051A813 in module OTLPE.exe. Read of address 00000000. When I press OK in that window, nothing happens. So the scan has apparently stopped. (By the way, I selected C:\Windows for scanning. With other things I get an error message.) |
18.09.2010, 19:20 | #8 |
/// Malware-holic | Do you have internet access under OTLPENet? If so, ComboFix should run there as well. Please create and post a ComboFix log: A guide and tutorial on using ComboFix. If not, put it on a stick and then copy it to the infected PC. |
18.09.2010, 19:53 | #9 |
| When I start ComboFix, I get an error message: Errors encountered while performing the operation Look at the information window for more details |
18.09.2010, 20:41 | #10 |
/// Malware-holic | See whether you can scan with the Avira rescue disk: Avira AntiVir Rescue System |
19.09.2010, 10:18 | #11 |
| When I download the file, the download stops at 99% because there is no disk space left. Is it allowed to delete any files on Reatogo? If so, which ones? |
19.09.2010, 15:12 | #12 |
/// Malware-holic | Please burn the CD from another PC and then run it on the PC, if you have the possibility. |
20.09.2010, 18:08 | #13 |
| So, I was able to scan with the Rescue System. There were 27 detections, 22 of which (if I remember correctly) could not be "renamed". I couldn't save the log file even with the tutorial, because the Rescue System somehow didn't show me any hard disks. Anyway, the fact is that even after the scan I still can't do anything on the infected PC. By the way, I can start AntiVir on it, but when I try "scan system now", simply nothing happens. |
20.09.2010, 18:17 | #14 |
/// Malware-holic | So you do have access to the system? OTL: system scan with OTL.
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Check "scan all users".
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    ws2ifsl.sys
    sceclt.dll
    ntelogon.dll
    winlogon.exe
    logevent.dll
    user32.DLL
    explorer.exe
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both. |
20.09.2010, 21:13 | #15 |
| Here are the reports. During the scan, by the way, AntiVir automatically reported three viruses, which I had it delete. OTK.txt: Code:
ATTFilter OTL logfile created on: 20.09.2010 19:26:24 - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\iDGames\Desktop\Freigabe Virus An unknown product Service Pack 2 (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 698,54 Gb Total Space | 506,47 Gb Free Space | 72,50% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 698,63 Gb Total Space | 441,17 Gb Free Space | 63,15% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: IDGAMES-PC Current User Name: iDGames Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\iDGames\Desktop\Freigabe Virus\OTL.exe (OldTimer Tools) PRC - C:\Users\iDGames\AppData\Roaming\hotfix.exe (Fast Maus AG) PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files\Xfire\Xfire.exe (Xfire Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe () PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Razer\Lachesis\razerhid.exe () PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\iDGames\Desktop\Freigabe Virus\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Xfire\xfire_toucan_43094.dll (Xfire Inc.) 
MOD - C:\Windows\System32\msvcr71.dll (Microsoft Corporation) MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! 
Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (DAUpdaterSvc) -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- 
C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (AcpiPmi) -- C:\Windows\System32\DRIVERS\acpipmi.sys File not found DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) 
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2546801421-2070991855-9694198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2546801421-2070991855-9694198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2546801421-2070991855-9694198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 A8 7A 75 A3 55 CB 01 [binary data] IE - HKU\S-1-5-21-2546801421-2070991855-9694198-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2546801421-2070991855-9694198-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.08.21 23:26:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.11 17:05:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.11 17:05:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.08.21 23:26:46 | 000,000,000 | ---D | M] [2009.08.19 16:11:08 | 000,000,000 | ---D | M] -- 
C:\Users\iDGames\AppData\Roaming\Mozilla\Extensions [2010.05.05 08:40:46 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Mozilla\Firefox\Profiles\ue5mwyyq.default\extensions [2010.04.24 17:57:40 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\iDGames\AppData\Roaming\Mozilla\Firefox\Profiles\ue5mwyyq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.05.05 08:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.09.15 18:15:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.24 16:51:15 | 000,001,748 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 
ubisoft-orbit-savegames.s3.amazonaws.com O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2546801421-2070991855-9694198-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-2546801421-2070991855-9694198-1000..\Run: [] File not found O4 - HKU\S-1-5-21-2546801421-2070991855-9694198-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2546801421-2070991855-9694198-1000..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKU\S-1-5-21-2546801421-2070991855-9694198-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\iDGames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\iDGames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2546801421-2070991855-9694198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found O20 - HKLM Winlogon: Shell - (drhg.ipo) - C:\Windows\System32\drhg.ipo () O20 - HKLM Winlogon: Shell - (iedtcbo) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-2546801421-2070991855-9694198-1000 Winlogon: Shell - (C:\Users\iDGames\AppData\Roaming\hotfix.exe) - C:\Users\iDGames\AppData\Roaming\hotfix.exe (Fast Maus AG) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6c0dceff-d74c-11de-b596-0016e68bcd57}\Shell - "" = AutoRun O33 - MountPoints2\{6c0dceff-d74c-11de-b596-0016e68bcd57}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{77720df8-9d85-11de-b18a-0016e68bcd57}\Shell - "" = AutoRun O33 - MountPoints2\{77720df8-9d85-11de-b18a-0016e68bcd57}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: 
RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe 
-BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll () ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Users\iDGames\AppData\Local\msfrtw.dll.XXX File not found -- C:\Windows\System32\drivers\acpipmi.sys.XXX File not found -- C:\Windows\System32\drivers\acpipmi.sys.bak.XXX [2010.09.20 19:22:21 | 000,000,000 | ---D | C] -- C:\Users\iDGames\Desktop\Freigabe Virus [2010.09.19 19:11:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.09.18 17:51:51 | 000,664,576 | ---- | C] (Fast Maus AG) -- C:\Users\iDGames\AppData\Roaming\hotfix.exe [2010.09.10 00:31:44 | 000,000,000 | ---D | C] -- C:\Users\iDGames\Documents\Need for Speed World [2010.09.08 16:25:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC [2010.08.21 23:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2010.08.21 22:55:43 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2010.08.21 22:55:43 | 000,082,944 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2010.08.21 22:55:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.21 22:55:38 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.21 22:55:38 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.21 22:55:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.21 22:55:20 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.21 22:55:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.21 22:55:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.21 22:55:20 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.21 22:55:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.21 22:55:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.21 22:55:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.21 22:54:59 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.20 23:03:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.20 23:03:37 | 002,237,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.20 23:03:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.20 23:03:21 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2010.09.20 21:36:35 | 003,670,016 | -HS- | M] () -- C:\Users\iDGames\NTUSER.DAT [2010.09.20 19:38:17 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.20 19:38:17 | 000,013,440 | -H-- 
| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.20 19:11:32 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.20 19:11:32 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.20 19:11:32 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.18 17:51:50 | 000,664,576 | ---- | M] (Fast Maus AG) -- C:\Users\iDGames\AppData\Roaming\hotfix.exe [2010.09.18 17:51:30 | 000,021,504 | ---- | M] () -- C:\Windows\System32\drhg.ipo [2010.09.17 19:57:12 | 003,551,027 | -H-- | M] () -- C:\Users\iDGames\AppData\Local\IconCache.db [2010.09.17 17:56:53 | 000,113,741 | ---- | M] () -- C:\Users\iDGames\Desktop\Druid Rare+Crafts.jpg [2010.09.17 17:56:46 | 001,313,644 | ---- | M] () -- C:\Users\iDGames\Desktop\Druid Rare+Crafts.psd [2010.09.17 17:56:28 | 000,215,225 | ---- | M] () -- C:\Users\iDGames\Desktop\Druid Stats.jpg [2010.09.17 17:56:11 | 002,812,312 | ---- | M] () -- C:\Users\iDGames\Desktop\Druid Stats.psd [2010.09.16 14:55:28 | 000,001,074 | ---- | M] () -- C:\Users\iDGames\Desktop\Resident Evil 5.lnk [2010.09.15 17:19:12 | 000,234,280 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.09.15 17:15:30 | 000,137,976 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.15 16:47:24 | 000,328,568 | ---- | M] (BitTorrent, Inc.) 
-- C:\Users\iDGames\Desktop\utorrent.exe [2010.09.15 14:22:23 | 002,141,543 | ---- | M] () -- C:\Users\iDGames\Desktop\Essen Menü.psd [2010.09.14 18:33:37 | 182,517,725 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.09.14 18:32:25 | 000,000,020 | ---- | M] () -- C:\Users\iDGames\AppData\Roaming\apiqfw.dat [2010.09.14 18:32:16 | 000,000,004 | ---- | M] () -- C:\Users\iDGames\AppData\Roaming\avdrn.dat [2010.09.13 20:57:38 | 000,001,155 | ---- | M] () -- C:\Users\iDGames\Desktop\GameLauncher.exe - Shortcut.lnk [2010.09.12 02:44:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2010.09.11 21:44:05 | 000,000,827 | ---- | M] () -- C:\Users\iDGames\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2010.09.11 21:44:05 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010.09.09 15:13:27 | 000,000,980 | ---- | M] () -- C:\Users\iDGames\Desktop\Miranda IM.lnk [2010.09.08 16:36:13 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. 
- Shadow of Chernobyl.lnk [2010.08.21 23:51:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.08.21 23:28:24 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.19 03:09:43 | 000,001,024 | -H-- | C] () -- C:\Users\iDGames\ntuser.dat.LOG [2010.09.18 17:51:32 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drhg.ipo [2010.09.17 17:56:51 | 000,113,741 | ---- | C] () -- C:\Users\iDGames\Desktop\Druid Rare+Crafts.jpg [2010.09.17 17:56:45 | 001,313,644 | ---- | C] () -- C:\Users\iDGames\Desktop\Druid Rare+Crafts.psd [2010.09.17 17:56:16 | 000,215,225 | ---- | C] () -- C:\Users\iDGames\Desktop\Druid Stats.jpg [2010.09.17 17:56:10 | 002,812,312 | ---- | C] () -- C:\Users\iDGames\Desktop\Druid Stats.psd [2010.09.16 14:55:28 | 000,001,074 | ---- | C] () -- C:\Users\iDGames\Desktop\Resident Evil 5.lnk [2010.09.15 13:25:16 | 002,141,543 | ---- | C] () -- C:\Users\iDGames\Desktop\Essen Menü.psd [2010.09.14 18:32:19 | 000,000,020 | ---- | C] () -- C:\Users\iDGames\AppData\Roaming\apiqfw.dat [2010.09.14 18:32:16 | 000,000,004 | ---- | C] () -- C:\Users\iDGames\AppData\Roaming\avdrn.dat [2010.09.13 20:57:38 | 000,001,155 | ---- | C] () -- C:\Users\iDGames\Desktop\GameLauncher.exe - Shortcut.lnk [2010.09.08 16:36:13 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. 
- Shadow of Chernobyl.lnk [2010.08.21 23:51:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.08.21 23:28:24 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.06.04 00:45:19 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.04.26 12:45:04 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.03.17 00:07:03 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.03.17 00:07:03 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.03.08 20:02:21 | 000,003,584 | ---- | C] () -- C:\Users\iDGames\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.29 12:32:08 | 000,847,360 | ---- | C] () -- C:\Windows\System32\JS32.dll [2009.10.03 11:39:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.03 11:39:24 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.09.09 23:09:38 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.08.22 19:40:00 | 000,138,056 | ---- | C] () -- C:\Users\iDGames\AppData\Roaming\PnkBstrK.sys [2009.08.22 19:39:38 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini [2009.08.19 14:46:12 | 000,137,976 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.08.18 21:30:24 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.08.18 21:30:24 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.08.18 21:30:24 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat ========== LOP Check ========== [2009.09.10 11:31:57 
| 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Blitware [2009.09.09 23:15:22 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\DAEMON Tools Lite [2009.08.26 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\ImgBurn [2010.03.04 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Leadertech [2010.09.09 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Miranda [2010.04.07 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Mobipocket [2010.07.03 21:31:06 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Need for Speed World [2010.04.07 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Nokia [2010.04.07 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Nokia Ovi Suite [2009.08.26 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\OpenOffice.org [2010.03.27 15:09:17 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Opera [2010.04.07 15:45:13 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\PC Suite [2009.10.29 11:52:49 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\runic games [2009.11.23 18:47:24 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\TeamViewer [2010.08.02 21:52:34 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\TS3Client [2010.04.15 09:38:53 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Ubisoft [2010.09.16 00:25:21 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\uTorrent [2010.08.01 21:31:23 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Wormux [2010.07.22 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\XRay Engine [2010.05.09 16:08:45 | 000,000,000 | ---D | M] -- C:\Users\Mami\AppData\Roaming\ImgBurn [2010.09.12 02:44:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2010.09.07 22:17:07 | 000,032,620 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.19 17:56:53 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Adobe [2010.02.12 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\ATI [2009.09.10 11:31:57 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Blitware [2009.09.09 23:15:22 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\DAEMON Tools Lite [2010.06.26 15:02:05 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\dvdcss [2010.04.25 11:40:34 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Google [2010.01.19 16:12:33 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Hamachi [2009.08.18 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Identities [2009.08.26 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\ImgBurn [2009.08.24 11:42:52 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\InstallShield [2010.03.04 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Leadertech [2009.08.18 19:59:34 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Macromedia [2009.07.14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Media Center Programs [2010.07.03 21:30:26 | 000,000,000 | --SD | M] -- C:\Users\iDGames\AppData\Roaming\Microsoft [2010.09.09 15:13:28 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Miranda [2010.04.07 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Mobipocket [2009.08.19 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Mozilla [2010.07.03 21:31:06 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Need for Speed World [2010.04.07 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Nokia [2010.04.07 
15:49:16 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Nokia Ovi Suite [2009.08.26 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\OpenOffice.org [2010.03.27 15:09:17 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Opera [2010.04.07 15:45:13 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\PC Suite [2009.09.11 21:36:51 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Real [2009.10.29 11:52:49 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\runic games [2010.03.06 13:48:27 | 000,000,000 | RH-D | M] -- C:\Users\iDGames\AppData\Roaming\SecuROM [2010.09.10 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Skype [2010.09.10 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\skypePM [2009.09.28 12:36:01 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\teamspeak2 [2009.11.23 18:47:24 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\TeamViewer [2010.08.02 21:52:34 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\TS3Client [2010.04.15 09:38:53 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Ubisoft [2010.09.16 00:25:21 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\uTorrent [2010.06.04 00:46:36 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Ventrilo [2010.09.18 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\vlc [2010.09.18 15:52:48 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Winamp [2009.08.18 21:36:38 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\WinRAR [2010.08.01 21:31:23 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Wormux [2010.09.15 16:35:35 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\Xfire [2010.07.22 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\iDGames\AppData\Roaming\XRay Engine < %APPDATA%\*.exe /s > [2010.09.18 17:51:50 | 000,664,576 | ---- | M] (Fast Maus 
AG) -- C:\Users\iDGames\AppData\Roaming\hotfix.exe [2010.04.07 15:53:12 | 000,050,008 | R--- | M] () -- C:\Users\iDGames\AppData\Roaming\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe [2010.07.09 10:42:45 | 069,222,840 | ---- | M] () -- C:\Users\iDGames\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe < %SYSTEMDRIVE%\*.exe > [2008.04.11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) 
MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.09.09 23:09:38 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.06.30 08:21:47 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll [2009.07.14 03:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 20.09.2010 19:26:24 - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\iDGames\Desktop\Freigabe Virus An unknown product Service Pack 2 (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 698,54 Gb Total Space | 506,47 Gb Free Space | 72,50% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 698,63 Gb Total Space | 441,17 Gb Free Space | 63,15% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: IDGAMES-PC Current User Name: iDGames Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1271150C-C048-40CD-07AD-5F6767EB5674}" = HydraVision
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{24440279-B0FC-E6FF-A2E8-52C6AE4B8E31}" = ATI AVIVO Codecs
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D3F23CD-46F6-43A0-BE41-731321C1E947}" = DS2 All*Saves v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7FB8B5C1-FA07-68A0-0386-DBB9ED26B7EA}" = AMD Drag and Drop Transcoding
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
"{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99BEB67F-B288-44F5-8B2A-23F5F522A1AE}_is1" = Universal Anticheat 2 v2.42
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D9B3B577-26BD-4CB2-9072-8029AE097AFE}" = Quake Live Mozilla Plugin
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast!" = avast! Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DungeonSiege2" = Dungeon Siege 2
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GeoGebra" = GeoGebra
"HyperCam 2" = HyperCam 2
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"JDownloader" = JDownloader
"LANconfig" = LANconfig
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Miranda IM" = Miranda IM 0.9.3
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Open Video Converter_is1" = Open Video Converter version 3.3
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"ST6UNST #1" = Hero Editor V0.96
"StarCraft II" = StarCraft II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Wormux" = Wormux
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 28.01.2010 13:35:19 | Computer Name = iDGames-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://ads.flashgames247.com/www/images/1x1.jpg failed, 00000005.

Error - 28.01.2010 13:35:21 | Computer Name = iDGames-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://ads.flashgames247.com/www/images/1x1.jpg failed, 00000005.

Error - 05.03.2010 16:44:04 | Computer Name = iDGames-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of hxxp://www.timtube.com/ failed, 00000005.

[ Application Events ]
Error - 09.05.2010 06:52:58 | Computer Name = iDGames-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 09.05.2010 06:53:23 | Computer Name = iDGames-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\videoconverter\VideoConverterX64.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09.05.2010 06:54:06 | Computer Name = iDGames-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\ati technologies\hydravision\Grid64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09.05.2010 06:54:06 | Computer Name = iDGames-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraDM64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09.05.2010 06:54:06 | Computer Name = iDGames-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraMD64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11.05.2010 09:02:03 | Computer Name = iDGames-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iw3mp.exe, version: 0.0.0.0, time stamp: 0x4859a219
Faulting module name: atiumdva.dll, version: 8.14.10.254, time stamp: 0x4bbbde05
Exception code: 0xc0000005
Fault offset: 0x00001535
Faulting process id: 0xb50
Faulting application start time: 0x01caf0fcb76fadea
Faulting application path: C:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe
Faulting module path: C:\Windows\system32\atiumdva.dll
Report Id: 649dbfef-5cfd-11df-8c0c-0016e68bcd57

Error - 11.05.2010 11:06:38 | Computer Name = iDGames-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.1.3726, time stamp: 0x4b9e5a0c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0001a585
Faulting process id: 0x770
Faulting application start time: 0x01caf11b71c76117
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: unknown
Report Id: cbdda741-5d0e-11df-8c0c-0016e68bcd57

Error - 11.05.2010 12:29:18 | Computer Name = iDGames-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iw3mp.exe, version: 0.0.0.0, time stamp: 0x4859a219
Faulting module name: atiumdva.dll, version: 8.14.10.254, time stamp: 0x4bbbde05
Exception code: 0xc0000005
Fault offset: 0x00001535
Faulting process id: 0xf18
Faulting application start time: 0x01caf1249e7ce130
Faulting application path: C:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe
Faulting module path: C:\Windows\system32\atiumdva.dll
Report Id: 585af055-5d1a-11df-bc84-0016e68bcd57

Error - 12.05.2010 05:51:19 | Computer Name = iDGames-PC | Source = VSS | ID = 8194
Description =

Error - 12.05.2010 06:00:18 | Computer Name = iDGames-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\TagesSetup_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 19.09.2010 07:31:17 | Computer Name = iDGames-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error - 19.09.2010 07:36:17 | Computer Name = iDGames-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error - 19.09.2010 07:36:17 | Computer Name = iDGames-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error - 19.09.2010 07:36:17 | Computer Name = iDGames-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error - 20.09.2010 17:03:09 | Computer Name = iDGames-PC | Source = Application Popup | ID = 875
Description = Driver sfsync02.sys has been blocked from loading.

Error - 20.09.2010 17:03:12 | Computer Name = iDGames-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys has been blocked from loading.

Error - 20.09.2010 17:03:31 | Computer Name = iDGames-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:37:45 on ?19.?09.?2010 was unexpected.

Error - 20.09.2010 17:03:38 | Computer Name = iDGames-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.

Error - 20.09.2010 17:03:38 | Computer Name = iDGames-PC | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following error: %%1053

Error - 20.09.2010 17:03:48 | Computer Name = iDGames-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: sfdrv01 sfsync02

< End of report >