| |
| |||||||
Log-Analyse und Auswertung: Google Suchergebnisse werden umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
07.11.2010, 15:44
| #1 |
 |  Google Suchergebnisse werden umgeleitet Hallo Leute, ich hab ein Problem mit Firefox und Google Chrome, immer wenn ich mit Google was suche und dann raufklick schickt er mich auf eine andere Seite mit Werbung und so, erst beim 2. mal klicken auf dem Link gehts, hab Firefox schon par mal deinstalliert und die Dateien bei: \AppData\Local\Mozilla \AppData\Roaming\Mozilla gelöscht, hat leider alles nichts gebracht. Hoffentlich kann mir einer von Euch helfen. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:25:52, on 07.11.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.7930.16406) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe C:\Windows\system32\taskhost.exe C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe C:\Users\koka\AppData\Local\Temp\dwm.exe C:\Program Files\Athan\Athan.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\koka\Desktop\cript\CryptLoad.exe C:\Windows\explorer.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\explorer.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe C:\Users\koka\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) F3 - REG:win.ini: load=C:\Users\koka\AppData\Local\Temp\dwm.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Core Temp] "C:\Users\koka\Desktop\Core Temp.exe" O4 - HKCU\..\Run: [Qzikuvoze] rundll32.exe "C:\Users\koka\AppData\Local\wexinta0.dll",Startup O4 - HKCU\..\Run: [Xyixubi] rundll32.exe "C:\Users\koka\AppData\Local\ejulemah.dll",Startup O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [svchost] C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥•Å - C:\Program Files\uusee\geturltoplay.htm O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files\uusee\geturltodown.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.henkuai.com/?from=iebannel (file missing) O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - hxxp://www.henkuai.com/?from=iebannel (file missing) O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe (file missing) O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: hxxp://asia.msi.com.tw O15 - Trusted Zone: hxxp://global.msi.com.tw O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarRAM Service (StarRAMService) - StarWind Software - C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v10\System\VC10SecS.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 11288 bytes |
|
07.11.2010, 15:48
| #2 |
| /// Malware-holic   | Google Suchergebnisse werden umgeleitet ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide logs posten.
__________________ |
|
07.11.2010, 16:03
| #3 |
| | Google Suchergebnisse werden umgeleitet Danke für die schnelle Hilfe, hier sind die 2 Logs:
__________________Otl.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 07.11.2010 15:52:22 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\koka\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.7930.16406) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,39 Gb Total Space | 11,12 Gb Free Space | 7,60% Space Free | Partition Type: NTFS Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 319,28 Gb Total Space | 9,51 Gb Free Space | 2,98% Space Free | Partition Type: NTFS Drive H: | 55,90 Gb Total Space | 8,01 Gb Free Space | 14,34% Space Free | Partition Type: NTFS Computer Name: KOKA-PC | User Name: koka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\koka\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\koka\Downloads\HiJackThis204.exe (Trend Micro Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Users\koka\AppData\Local\Temp\dwm.exe () PRC - C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe () PRC - C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe () PRC - C:\Users\koka\Desktop\Core Temp.exe () PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.) PRC - C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe (StarWind Software) PRC - C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Fraps2323\fraps.exe (Beepa P/L) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH) PRC - C:\Users\koka\Desktop\cript\CryptLoad.exe (hxxp://cryptload.info) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.) PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\koka\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Fraps2323\fraps32.dll (Beepa P/L) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (StarRAMService) -- C:\Program Files\StarWind Software\RAM Disk\StarRAMService.exe (StarWind Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (VC10SecS) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340) -- C:\Windows\System32\drivers\WPRO_40_1340.sys File not found DRV - (MEMSWEEP2) -- C:\Windows\System32\54C5.tmp File not found DRV - (hSONYPVh) -- C:\Users\koka\AppData\Local\Temp\hSONYPVh.sys File not found DRV - (GarenaPEngine) -- C:\Users\koka\AppData\Local\Temp\PIL93C9.tmp File not found DRV - (cpuz130) -- C:\Users\koka\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found DRV - (CEDRIVER55) -- C:\Program Files\Cheat Engine\dbk32.sys File not found DRV - (CEDRIVER53) -- C:\Program Files\Cheat Engine\dbk32.sys File not found DRV - (ALSysIO) -- C:\Users\koka\AppData\Local\Temp\ALSysIO.sys File not found DRV - (vzheykjw) -- C:\Windows\System32\drivers\vzheykjw.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc) DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation) DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation) DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys () DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt () DRV - (USBTINSP) TI-Nspire(TM) -- C:\Windows\System32\drivers\tinspusb.sys (Texas Instruments) DRV - (StarRAM) -- C:\Windows\System32\drivers\StarRAM.sys (StarWind Software) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) DRV - (WinRing0_1_2_0) -- C:\Users\koka\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0.sys (OpenLibSys.org) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (PPortJoystick) -- C:\Windows\System32\drivers\PPortJoy.sys (Deon van der Westhuysen) DRV - (PPJoyBus) -- C:\Windows\System32\drivers\PPJoyBus.sys (Deon van der Westhuysen) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net) DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc) DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.) DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.) DRV - (tv2ktunr) -- C:\Windows\System32\drivers\wf2ktunr.sys (Leadtek Research Inc.) DRV - (BT848) -- C:\Windows\System32\drivers\wf2kvcap.sys (Leadtek Research Inc.) DRV - (Tv2kXbar) -- C:\Windows\System32\drivers\wf2kXbar.sys (Leadtek Research Inc.) DRV - (netwg311) -- C:\Windows\System32\drivers\netwg311.sys (Texas Instruments) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 F5 C8 37 2C F8 CA 01 [binary data] IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370 ========== FireFox ========== FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 50370 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.11.07 14:26:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.02 13:39:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.10 05:50:14 | 000,000,000 | ---D | M] [2010.11.07 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\mozilla\Extensions [2010.11.07 15:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\koka\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH) O4 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000..\Run: [] File not found O4 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000..\Run: [Core Temp] C:\Users\koka\Desktop\Core Temp.exe () O4 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000..\Run: [svchost] C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) F3 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000 WinNT: Load - (C:\Users\koka\AppData\Local\Temp\dwm.exe) - C:\Users\koka\AppData\Local\Temp\dwm.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010.09.12 21:01:36 | 000,000,000 | ---D | M] O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - File not found O9 - Extra 'Tools' menuitem : ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - File not found O9 - Extra Button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found O9 - Extra 'Tools' menuitem : Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\..Trusted Domains: com ([www.msi] http in Trusted sites) O15 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites) O15 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000 Winlogon: Shell - (C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.05.01 19:12:14 | 000,000,023 | RH-- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{6c792c59-0c47-11df-b258-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6c792c59-0c47-11df-b258-806e6f6e6963}\Shell\AutoRun\command - "" = K:\starter.exe -- File not found O33 - MountPoints2\{78466aed-5cde-11df-b6a5-002421ee6a68}\Shell - "" = AutoRun O33 - MountPoints2\{78466aed-5cde-11df-b6a5-002421ee6a68}\Shell\AutoRun\command - "" = D:\laucher.exe -- File not found O33 - MountPoints2\{d3e50ddd-0c46-11df-a892-002421ee6a68}\Shell - "" = AutoRun O33 - MountPoints2\{d3e50ddd-0c46-11df-a892-002421ee6a68}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\laucher.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\koka\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) MsConfig - StartUpReg: WinFastDTV - hkey= - key= - C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (Leadtek Research Inc.) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !) Drivers32: VIDC.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.) Drivers32: vidc.i263 - C:\Windows\System32\I263_32.drv (Intel Corporation) Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com) Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll () Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll () ========== Files/Folders - Created Within 30 Days ========== [2010.11.07 15:48:14 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys [2010.11.07 15:38:42 | 000,041,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vzheykjw.sys [2010.11.07 14:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2010.11.07 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Roaming\Mozilla [2010.11.07 14:26:24 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Local\Mozilla [2010.11.07 14:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6 [2010.11.05 20:34:26 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Local\Microsoft Games [2010.11.03 21:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Grand Theft Auto IV - Episodes From Liberty City [2010.10.31 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Roaming\FreeVideoConverter [2010.10.31 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter [2010.10.31 22:38:04 | 000,054,744 | ---- | C] (StarWind Software) -- C:\Windows\System32\drivers\StarRAM.sys [2010.10.31 22:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\StarWind Software [2010.10.31 18:26:58 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Local\{5101DC59-38B2-4395-8338-E65F0AF0B4F0} [2010.10.28 15:42:55 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Local\SKIDROW [2010.10.26 15:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune [2010.10.25 17:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.10.24 14:06:17 | 000,000,000 | ---D | C] -- C:\Users\koka\Documents\4A Games [2010.10.24 14:01:32 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Local\4A Games [2010.10.22 20:35:36 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\TCPMP 0.81 [2010.10.22 19:41:30 | 000,217,088 | ---- | C] (BreakSoft) -- C:\Users\koka\Desktop\MobileRegistryEditor.exe [2010.10.22 19:41:30 | 000,049,152 | ---- | C] (OpenNETCF.org) -- C:\Users\koka\Desktop\OpenNETCF.Desktop.Communication.dll [2010.10.22 19:41:30 | 000,045,056 | ---- | C] ( ) -- C:\Users\koka\Desktop\BreakSoft.Windows.Forms.dll [2010.10.22 19:39:49 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Local\BreakSoft [2010.10.22 19:26:48 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\Neuer Ordner (2) [2010.10.20 16:29:17 | 000,000,000 | ---D | C] -- C:\123 [2010.10.19 17:06:43 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\cart.php-Dateien [2010.10.17 04:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH [2010.10.17 04:53:02 | 007,271,080 | ---- | C] (Gretech Corporation) -- C:\Users\koka\Desktop\GOMPLAYERENSETUP2.1.27.5031.EXE [2010.10.17 00:13:31 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Local\Nem's Tools [2010.10.17 00:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools [2010.10.17 00:13:14 | 000,561,773 | ---- | C] (Ryan Gregg ) -- C:\Users\koka\Desktop\gcfscape181.exe [2010.10.16 13:35:48 | 000,879,845 | ---- | C] (pendrivelinux.com) -- C:\Users\koka\Desktop\Universal-USB-Installer-1.8.0.5.exe [2010.10.15 23:32:57 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\orderok.jsp-Dateien [2010.10.14 13:01:19 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\DesktopBackground [2010.10.13 14:05:01 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\wakll [2010.10.12 17:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\AMX Mod X [2010.10.11 19:02:06 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\minecraft [2010.10.11 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Roaming\.minecraft server [2010.10.11 15:18:52 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Roaming\minecraft [2010.10.11 15:01:39 | 000,000,000 | ---D | C] -- C:\Users\koka\Desktop\minecraft-server [2010.10.10 21:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\CAPCOM [2010.10.10 14:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6 [2010.10.10 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\koka\AppData\Roaming\.minecraft [2010.10.08 19:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Steamless Left4Dead Pack [2009.07.14 00:24:44 | 000,203,776 | ---- | C] (Ask.com) -- C:\Users\koka\AppData\Local\ejulemah.dll [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.07 15:45:05 | 000,000,116 | ---- | M] () -- C:\Users\koka\Desktop\Google Suchergebnisse werden umgeleitet - Trojaner-Board.URL [2010.11.07 15:43:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.07 15:38:51 | 000,041,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vzheykjw.sys [2010.11.07 15:13:09 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2031075208-4094303136-2098935223-1000UA.job [2010.11.07 15:11:55 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.07 15:11:55 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.07 15:06:37 | 000,000,120 | ---- | M] () -- C:\Users\koka\AppData\Local\Rsuvesazuyufomo.dat [2010.11.07 14:26:23 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 6.lnk [2010.11.07 13:44:02 | 000,001,557 | ---- | M] () -- C:\Users\koka\Desktop\UNRAR - Verknüpfung.lnk [2010.11.07 12:59:00 | 000,000,000 | ---- | M] () -- C:\Users\koka\AppData\Local\Mqeva.bin [2010.11.07 12:57:53 | 000,667,906 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.07 12:57:53 | 000,627,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.07 12:57:53 | 000,135,574 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.07 12:57:53 | 000,111,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.07 12:56:59 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.07 12:56:59 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.07 12:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.06 17:13:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2031075208-4094303136-2098935223-1000Core.job [2010.11.05 22:03:00 | 002,072,620 | ---- | M] () -- C:\Users\koka\Desktop\ts3_recording_10_11_05_22_2_44.wav [2010.11.05 15:07:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2010.11.04 20:16:01 | 000,001,092 | ---- | M] () -- C:\Users\koka\Desktop\SteamLess Left4Dead.lnk [2010.11.03 23:24:58 | 000,002,217 | ---- | M] () -- C:\Users\koka\Desktop\Grand Theft Auto IV - Episodes From Liberty City (2).lnk [2010.11.03 23:21:57 | 000,002,199 | ---- | M] () -- C:\Users\koka\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk [2010.11.03 22:32:13 | 000,007,615 | ---- | M] () -- C:\Users\koka\AppData\Local\Resmon.ResmonCfg [2010.11.03 16:52:00 | 000,001,258 | ---- | M] () -- C:\Users\koka\Desktop\Halo (F).lnk [2010.11.03 16:51:07 | 000,001,254 | ---- | M] () -- C:\Users\koka\Desktop\20091002_010730 (G) 0 Bytes.lnk [2010.11.03 16:51:03 | 000,000,350 | ---- | M] () -- C:\Users\koka\Desktop\Final Fantasy 8 (D) 0 Bytes.lnk [2010.11.02 22:58:56 | 000,813,009 | ---- | M] () -- C:\Users\koka\Desktop\109.mp3 [2010.11.02 22:57:09 | 002,188,145 | ---- | M] () -- C:\Users\koka\Desktop\098.mp3 [2010.11.02 21:23:08 | 006,220,108 | ---- | M] () -- C:\Users\koka\Desktop\11934.mp4 [2010.11.02 15:20:01 | 000,126,976 | ---- | M] () -- C:\Users\koka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.01 17:29:35 | 005,043,581 | ---- | M] () -- C:\Users\koka\Desktop\Agenda 2010.mp4 [2010.10.31 22:51:37 | 004,701,655 | ---- | M] () -- C:\Users\koka\Desktop\Wunder Schöne Koran mit Deutsche untertitel.mp3 [2010.10.31 22:50:11 | 001,367,280 | ---- | M] () -- C:\Users\koka\Desktop\Wunder Schöne Koran mit Deutsche untertitel.avi [2010.10.31 22:49:36 | 000,001,085 | ---- | M] () -- C:\Users\koka\Desktop\Free Video Converter.lnk [2010.10.31 22:47:45 | 000,001,057 | ---- | M] () -- C:\Users\koka\Desktop\Free FLV Converter.lnk [2010.10.31 22:38:04 | 000,001,060 | ---- | M] () -- C:\Users\koka\Desktop\StarWind RAM Disk.lnk [2010.10.31 22:15:48 | 010,859,310 | ---- | M] () -- C:\Users\koka\Desktop\Wunder Schöne Koran mit Deutsche untertitel.mp4 [2010.10.31 21:21:56 | 001,711,242 | ---- | M] () -- C:\Users\koka\Desktop\the best FATIHA soubhanallaaaah, Available in MP3 http __www.4shared.com_dir_8913979_1e64a69e_sharing.html [www.keepvid.com].flv [2010.10.31 12:50:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.31 12:06:12 | 000,000,201 | ---- | M] () -- C:\Users\koka\Desktop\Supercars 2.url [2010.10.31 11:55:51 | 000,001,414 | ---- | M] () -- C:\Users\koka\Desktop\Steam - Verknüpfung.lnk [2010.10.29 16:43:21 | 000,001,232 | ---- | M] () -- C:\Users\koka\Desktop\CoreTemp.ini [2010.10.27 13:50:52 | 000,290,733 | ---- | M] () -- C:\Users\koka\Desktop\Clip001.jpg [2010.10.27 13:50:32 | 000,363,435 | ---- | M] () -- C:\Users\koka\Desktop\Clip000.jpg [2010.10.26 06:17:54 | 000,000,211 | ---- | M] () -- C:\Users\koka\Desktop\ICQ Spiele.url [2010.10.24 19:15:47 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Warzone 2100.lnk [2010.10.23 19:12:35 | 000,000,136 | ---- | M] () -- C:\Users\koka\Desktop\GRID - Verknüpfung.lnk [2010.10.21 22:58:54 | 000,001,200 | ---- | M] () -- C:\Users\koka\Desktop\hl2 - Verknüpfung.lnk [2010.10.21 22:55:44 | 000,001,643 | ---- | M] () -- C:\Users\koka\Desktop\Start Synergy - Verknüpfung.lnk [2010.10.19 17:06:43 | 000,009,556 | ---- | M] () -- C:\Users\koka\Desktop\cart.php.htm [2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.18 09:11:52 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2010.10.17 04:53:47 | 007,271,080 | ---- | M] (Gretech Corporation) -- C:\Users\koka\Desktop\GOMPLAYERENSETUP2.1.27.5031.EXE [2010.10.17 00:13:18 | 000,561,773 | ---- | M] (Ryan Gregg ) -- C:\Users\koka\Desktop\gcfscape181.exe [2010.10.16 18:03:13 | 000,276,288 | ---- | M] () -- C:\Users\koka\Desktop\Black Mesa.flv [2010.10.16 13:36:00 | 000,879,845 | ---- | M] (pendrivelinux.com) -- C:\Users\koka\Desktop\Universal-USB-Installer-1.8.0.5.exe [2010.10.15 23:39:59 | 000,012,306 | ---- | M] () -- C:\Users\koka\Desktop\Microsoft Office Word-Dokument (neu).docx [2010.10.15 23:32:58 | 000,013,380 | ---- | M] () -- C:\Users\koka\Desktop\orderok.jsp.htm [2010.10.15 22:33:48 | 000,544,931 | ---- | M] () -- C:\Users\koka\Desktop\Unbenannt.jpg [2010.10.14 21:07:49 | 001,511,262 | ---- | M] () -- C:\Users\koka\Desktop\aoe-american_ts_for_www.goldesel.to.avi.part [2010.10.14 21:06:59 | 000,000,000 | ---- | M] () -- C:\Users\koka\Desktop\aoe-american_ts_for_www.goldesel.to.avi [2010.10.14 01:31:47 | 000,001,554 | ---- | M] () -- C:\Users\koka\Desktop\Launcher - Verknüpfung.lnk [2010.10.13 20:48:29 | 000,107,332 | ---- | M] () -- C:\Users\koka\Desktop\71352.jpg [2010.10.13 14:03:41 | 000,254,179 | ---- | M] () -- C:\Users\koka\Desktop\Audi_A3_Black_Edition.jpg [2010.10.13 14:03:30 | 000,011,054 | ---- | M] () -- C:\Users\koka\Desktop\17_~_Audi_A3_Black_Edition.htm [2010.10.13 12:25:05 | 000,257,229 | ---- | M] () -- C:\Users\koka\Desktop\Desktop.rar [2010.10.13 11:28:56 | 122,419,208 | ---- | M] () -- C:\Users\koka\Desktop\Nature HD.themepack [2010.10.11 17:19:05 | 000,000,939 | ---- | M] () -- C:\Users\koka\Desktop\minecraft_name - Verknüpfung.lnk [2010.10.10 14:28:56 | 000,001,002 | ---- | M] () -- C:\Users\koka\Desktop\Counter-Strike 1.6.lnk [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.07 15:45:05 | 000,000,116 | ---- | C] () -- C:\Users\koka\Desktop\Google Suchergebnisse werden umgeleitet - Trojaner-Board.URL [2010.11.07 14:26:23 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 6.lnk [2010.11.07 13:43:14 | 000,001,557 | ---- | C] () -- C:\Users\koka\Desktop\UNRAR - Verknüpfung.lnk [2010.11.05 22:02:48 | 002,072,620 | ---- | C] () -- C:\Users\koka\Desktop\ts3_recording_10_11_05_22_2_44.wav [2010.11.03 23:24:58 | 000,002,217 | ---- | C] () -- C:\Users\koka\Desktop\Grand Theft Auto IV - Episodes From Liberty City (2).lnk [2010.11.03 23:21:57 | 000,002,199 | ---- | C] () -- C:\Users\koka\Desktop\Grand Theft Auto IV - Episodes From Liberty City.lnk [2010.11.03 16:52:00 | 000,001,258 | ---- | C] () -- C:\Users\koka\Desktop\Halo (F).lnk [2010.11.03 16:51:07 | 000,001,254 | ---- | C] () -- C:\Users\koka\Desktop\20091002_010730 (G) 0 Bytes.lnk [2010.11.03 16:51:03 | 000,000,350 | ---- | C] () -- C:\Users\koka\Desktop\Final Fantasy 8 (D) 0 Bytes.lnk [2010.11.02 22:58:47 | 000,813,009 | ---- | C] () -- C:\Users\koka\Desktop\109.mp3 [2010.11.02 22:56:49 | 002,188,145 | ---- | C] () -- C:\Users\koka\Desktop\098.mp3 [2010.11.02 21:22:50 | 006,220,108 | ---- | C] () -- C:\Users\koka\Desktop\11934.mp4 [2010.11.01 17:29:25 | 005,043,581 | ---- | C] () -- C:\Users\koka\Desktop\Agenda 2010.mp4 [2010.10.31 22:55:22 | 000,087,796 | ---- | C] () -- C:\Users\koka\AppData\Local\StarPort.log [2010.10.31 22:51:28 | 004,701,655 | ---- | C] () -- C:\Users\koka\Desktop\Wunder Schöne Koran mit Deutsche untertitel.mp3 [2010.10.31 22:50:09 | 001,367,280 | ---- | C] () -- C:\Users\koka\Desktop\Wunder Schöne Koran mit Deutsche untertitel.avi [2010.10.31 22:49:36 | 000,001,085 | ---- | C] () -- C:\Users\koka\Desktop\Free Video Converter.lnk [2010.10.31 22:47:45 | 000,001,057 | ---- | C] () -- C:\Users\koka\Desktop\Free FLV Converter.lnk [2010.10.31 22:38:04 | 000,001,060 | ---- | C] () -- C:\Users\koka\Desktop\StarWind RAM Disk.lnk [2010.10.31 22:15:46 | 010,859,310 | ---- | C] () -- C:\Users\koka\Desktop\Wunder Schöne Koran mit Deutsche untertitel.mp4 [2010.10.31 21:21:48 | 001,711,242 | ---- | C] () -- C:\Users\koka\Desktop\the best FATIHA soubhanallaaaah, Available in MP3 http __www.4shared.com_dir_8913979_1e64a69e_sharing.html [www.keepvid.com].flv [2010.10.31 18:26:59 | 000,000,120 | ---- | C] () -- C:\Users\koka\AppData\Local\Rsuvesazuyufomo.dat [2010.10.31 18:26:59 | 000,000,000 | ---- | C] () -- C:\Users\koka\AppData\Local\Mqeva.bin [2010.10.31 11:47:07 | 000,000,201 | ---- | C] () -- C:\Users\koka\Desktop\Supercars 2.url [2010.10.31 11:28:34 | 000,001,414 | ---- | C] () -- C:\Users\koka\Desktop\Steam - Verknüpfung.lnk [2010.10.28 06:44:25 | 000,363,435 | ---- | C] () -- C:\Users\koka\Desktop\Clip000.jpg [2010.10.28 06:44:25 | 000,290,733 | ---- | C] () -- C:\Users\koka\Desktop\Clip001.jpg [2010.10.26 06:17:54 | 000,000,211 | ---- | C] () -- C:\Users\koka\Desktop\ICQ Spiele.url [2010.10.23 19:12:35 | 000,000,136 | ---- | C] () -- C:\Users\koka\Desktop\GRID - Verknüpfung.lnk [2010.10.21 22:58:08 | 000,001,200 | ---- | C] () -- C:\Users\koka\Desktop\hl2 - Verknüpfung.lnk [2010.10.20 18:29:40 | 000,001,643 | ---- | C] () -- C:\Users\koka\Desktop\Start Synergy - Verknüpfung.lnk [2010.10.19 22:44:26 | 000,053,248 | ---- | C] () -- C:\Users\koka\AppData\Roaming\chrtmp [2010.10.19 17:06:42 | 000,009,556 | ---- | C] () -- C:\Users\koka\Desktop\cart.php.htm [2010.10.18 09:11:52 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2010.10.16 18:03:12 | 000,276,288 | ---- | C] () -- C:\Users\koka\Desktop\Black Mesa.flv [2010.10.15 23:34:19 | 000,012,306 | ---- | C] () -- C:\Users\koka\Desktop\Microsoft Office Word-Dokument (neu).docx [2010.10.15 23:32:57 | 000,013,380 | ---- | C] () -- C:\Users\koka\Desktop\orderok.jsp.htm [2010.10.15 22:33:48 | 000,544,931 | ---- | C] () -- C:\Users\koka\Desktop\Unbenannt.jpg [2010.10.14 21:06:58 | 000,000,000 | ---- | C] () -- C:\Users\koka\Desktop\aoe-american_ts_for_www.goldesel.to.avi [2010.10.14 21:06:56 | 001,511,262 | ---- | C] () -- C:\Users\koka\Desktop\aoe-american_ts_for_www.goldesel.to.avi.part [2010.10.14 01:31:47 | 000,001,554 | ---- | C] () -- C:\Users\koka\Desktop\Launcher - Verknüpfung.lnk [2010.10.13 20:48:28 | 000,107,332 | ---- | C] () -- C:\Users\koka\Desktop\71352.jpg [2010.10.13 14:03:40 | 000,254,179 | ---- | C] () -- C:\Users\koka\Desktop\Audi_A3_Black_Edition.jpg [2010.10.13 14:03:29 | 000,011,054 | ---- | C] () -- C:\Users\koka\Desktop\17_~_Audi_A3_Black_Edition.htm [2010.10.13 12:25:05 | 000,257,229 | ---- | C] () -- C:\Users\koka\Desktop\Desktop.rar [2010.10.13 11:08:53 | 122,419,208 | ---- | C] () -- C:\Users\koka\Desktop\Nature HD.themepack [2010.10.13 11:05:18 | 000,001,232 | ---- | C] () -- C:\Users\koka\Desktop\CoreTemp.ini [2010.10.11 17:19:05 | 000,000,939 | ---- | C] () -- C:\Users\koka\Desktop\minecraft_name - Verknüpfung.lnk [2010.10.10 14:28:56 | 000,001,002 | ---- | C] () -- C:\Users\koka\Desktop\Counter-Strike 1.6.lnk [2010.10.10 11:38:14 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.08 19:11:52 | 000,001,092 | ---- | C] () -- C:\Users\koka\Desktop\SteamLess Left4Dead.lnk [2010.09.02 07:11:25 | 000,000,480 | ---- | C] () -- C:\Windows\{3D00025F-C839-4312-A402-5C86723B8AC8}_WiseFW.ini [2010.09.02 07:10:38 | 000,000,286 | ---- | C] () -- C:\Windows\{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}_WiseFW.ini [2010.08.23 16:24:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.08.23 16:24:23 | 003,200,512 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2010.08.23 16:24:23 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.08.23 16:24:23 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.08.23 16:24:23 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.07.31 17:45:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.07.01 22:19:03 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.06.19 11:56:31 | 000,000,774 | ---- | C] () -- C:\Users\koka\AppData\Roaming\MPQEditor.ini [2010.06.13 13:23:49 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini [2010.05.11 10:55:43 | 000,006,649 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.05.10 23:47:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.22 05:58:01 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2010.04.20 18:20:39 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.04.20 18:20:39 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2010.04.20 18:20:39 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2010.04.20 15:54:48 | 000,019,456 | ---- | C] () -- C:\Users\koka\AppData\Local\WebpageIcons.db [2010.04.14 18:22:20 | 000,000,122 | ---- | C] () -- C:\Windows\kaillera.ini [2010.04.14 00:56:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.22 18:37:57 | 000,000,133 | -HS- | C] () -- C:\Windows\WSYS049.SYS [2010.03.04 16:38:18 | 000,000,028 | ---- | C] () -- C:\Windows\System32\WFD_List.ini [2010.02.21 17:28:07 | 000,000,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.02.16 11:10:47 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.02.12 19:02:04 | 000,000,092 | ---- | C] () -- C:\Users\koka\AppData\Local\fusioncache.dat [2010.02.12 15:43:26 | 000,139,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.12 15:43:26 | 000,138,056 | ---- | C] () -- C:\Users\koka\AppData\Roaming\PnkBstrK.sys [2010.02.06 10:48:02 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2010.02.02 20:17:27 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.01.30 18:40:12 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.01.30 18:40:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.01.29 22:11:54 | 000,007,615 | ---- | C] () -- C:\Users\koka\AppData\Local\Resmon.ResmonCfg [2010.01.28 21:06:53 | 000,126,976 | ---- | C] () -- C:\Users\koka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.28 21:06:50 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.01.28 20:41:31 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.01.28 20:29:24 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.01.28 20:29:24 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.05.27 10:48:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll [2009.02.04 10:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll [2007.06.21 16:11:24 | 000,000,266 | ---- | C] () -- C:\Program Files\Common Files\hama.de - Download-Area Gamecontroller.url [2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.03.22 18:46:21 | 000,000,000 | -HSD | M] -- C:\Users\koka\AppData\Roaming\.# [2010.10.11 15:21:34 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\.minecraft [2010.09.20 00:22:32 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\.minecraft server [2010.05.04 05:17:39 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Ace [2010.02.28 13:36:24 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Activision [2010.01.30 12:58:15 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Adobe [2010.07.04 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Ahead [2010.05.13 19:32:33 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Anthropics [2010.09.11 19:58:49 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Apple Computer [2010.03.04 16:29:38 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\ArcSoft [2010.02.12 20:09:01 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Ashampoo [2010.05.23 14:53:36 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Atari [2010.01.28 20:33:49 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\ATI [2010.03.26 23:31:27 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Avira [2010.10.04 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Azureus [2010.05.01 19:47:20 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Bioshock2 [2010.10.04 22:20:02 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\BlackBean [2010.04.14 01:11:03 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Boilsoft [2010.09.16 21:20:02 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\CadSoft [2010.04.14 00:56:10 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Canneverbe Limited [2010.06.20 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\concept design [2010.02.11 18:40:21 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\CoSoSys [2010.01.30 19:56:33 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Crayon Physics Deluxe [2010.01.29 16:11:46 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\DAEMON Tools Lite [2010.05.15 20:09:18 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\DivX [2010.09.22 19:27:25 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\dvdcss [2010.07.31 17:45:28 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\EPSON [2010.04.14 17:29:31 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\fltk.org [2010.10.31 22:58:08 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Free Download Manager [2010.04.14 02:19:15 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\FreeFLVConverter [2010.10.31 22:49:51 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\FreeVideoConverter [2010.02.27 22:40:24 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\FUEL Demo [2010.06.13 13:38:44 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\GHISLER [2010.04.25 03:38:42 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\GoPal Assistant [2010.05.11 10:59:45 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\HP [2010.11.07 02:25:11 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\ICQ [2010.01.28 20:17:13 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Identities [2010.09.08 15:30:13 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\InstallShield [2010.06.06 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\InstallShield Installation Information [2010.06.29 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Kodak [2010.07.30 23:21:48 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Leadertech [2010.02.05 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Locktime [2010.01.29 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Macromedia [2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Media Center Programs [2010.07.22 14:59:38 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Media Player Classic [2010.11.05 20:25:08 | 000,000,000 | --SD | M] -- C:\Users\koka\AppData\Roaming\Microsoft [2010.03.14 18:21:16 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Microsoft Game Studios [2010.10.11 15:18:53 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\minecraft [2010.03.14 21:37:46 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Move Networks [2010.11.07 15:37:39 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Mozilla [2010.07.05 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Need for Speed World [2010.03.09 19:00:26 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\New Technology Studio [2010.09.10 05:53:23 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Nokia [2010.09.10 05:53:23 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Nokia Ovi Suite [2010.07.08 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Notepad++ [2010.03.14 16:09:42 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\NVIDIA [2010.09.03 22:48:20 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\OpenOffice.org [2010.06.13 12:04:12 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\PC Suite [2010.08.18 04:33:11 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\ProtectDisc [2010.09.05 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Raptr [2010.04.09 14:36:09 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Red Alert 3 Demo [2010.09.22 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\RigNRoll_ger [2010.06.29 13:57:39 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\SANYO [2010.03.08 18:19:38 | 000,000,000 | RH-D | M] -- C:\Users\koka\AppData\Roaming\SecuROM [2010.05.11 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Skype [2010.05.11 19:50:29 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\skypePM [2010.06.13 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\StreamTorrent [2010.04.13 00:02:34 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\teamspeak2 [2010.04.04 12:39:20 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Teeworlds [2010.09.08 15:59:29 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Thunderbird [2010.10.10 14:36:53 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\TS3Client [2010.01.28 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\TuneUp Software [2010.11.07 02:24:58 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Tunngle [2010.07.22 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\Uniblue [2010.09.08 15:33:08 | 000,000,000 | --SD | M] -- C:\Users\koka\AppData\Roaming\Virtual CD v10 [2010.11.07 13:36:09 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\vlc [2010.01.28 20:29:44 | 000,000,000 | ---D | M] -- C:\Users\koka\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.09.20 04:54:59 | 000,232,504 | ---- | M] () -- C:\Users\koka\AppData\Roaming\.minecraft\minecraft.exe [2010.06.06 14:53:59 | 000,331,776 | ---- | M] (Epic Games ) -- C:\Users\koka\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe [2010.11.05 20:24:37 | 000,105,984 | ---- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe [2010.03.11 16:43:45 | 000,012,862 | R--- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe [2010.07.28 02:49:18 | 000,094,208 | R--- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\Installer\{31800004-6386-4999-A519-518F2D78D8F0}\python_icon.exe [2010.09.13 17:50:26 | 000,119,808 | R--- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe [2010.07.31 01:10:16 | 000,004,608 | R--- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\Installer\{CFA1AFC5-F1DF-11D7-8904-0007953863DD}\IconCFA1AFC52.exe [2010.11.05 20:25:06 | 000,114,688 | ---- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe [2010.09.20 04:54:59 | 000,232,504 | ---- | M] () -- C:\Users\koka\AppData\Roaming\minecraft\.minecraft\minecraft.exe [2010.03.14 21:37:46 | 000,144,053 | ---- | M] () -- C:\Users\koka\AppData\Roaming\Move Networks\uninstall.exe [2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Users\koka\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2010.07.09 09:42:45 | 069,222,840 | ---- | M] () -- C:\Users\koka\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.01.28 20:41:31 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll [2009.07.14 02:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll [16 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 894 bytes -> C:\Windows\System32\drivers\vzheykjw.sys:changelist @Alternate Data Stream - 24 bytes -> C:\Windows:81FFAA8E077C5372 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C14C495 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D73C9AB3 < End of report > ------------------------------------------------------------------------------------- Und Extra.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.11.2010 15:52:22 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\koka\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 11,12 Gb Free Space | 7,60% Space Free | Partition Type: NTFS
Drive D: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 319,28 Gb Total Space | 9,51 Gb Free Space | 2,98% Space Free | Partition Type: NTFS
Drive H: | 55,90 Gb Total Space | 8,01 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Computer Name: KOKA-PC | User Name: koka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MakePak] -- "C:/123\makepak.bat" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2010.09.12 21:01:36 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010.09.12 21:01:36 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010.09.12 21:01:36 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010.09.12 21:01:36 | 000,000,000 | ---D | M]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01DBF423-E27B-45DA-B7F3-F9D4DB39B1C9}" = DRIV3R
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{080D5C34-6D9B-236B-2983-90507B4651CE}" = CCC Help English
"{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.3
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11D6DF85-2731-45CA-BD80-E342CA0E033F}_is1" = RigNRoll (Nur entfernen)
"{18756A46-652E-4ED4-A029-C4940D59F09B}" = Nokia PC Suite
"{18C21482-1A58-7508-AB2B-3E4347E17155}" = CCC Help Spanish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}" = DDS Thumbnail Viewer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = WinFast Codec-TS SDK
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{38700C90-0536-4240-8B08-3F83E2CD8AAD}" = Windows Internet Explorer Platform Preview
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D00025F-C839-4312-A402-5C86723B8AC8}" = TI-Nspire™ Computer Link Software
"{3EF5F588-B2EF-84C3-D537-7AB5A558AE4D}" = Catalyst Control Center Graphics Previews Vista
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{543EB8F8-7F5B-C089-8CA2-9E6851813E1E}" = CCC Help Portuguese
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000028302}" = BioShock 2
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6730FE95-BA44-6919-BE01-428C428CAF58}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8B580A-835F-3013-F3C0-0017C253BB97}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F947BCE-FFCF-2E8C-B1DF-147054CB4C76}" = Catalyst Control Center Localization All
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{723300FC-DA13-D893-C768-18511B387AFE}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{75662DF2-AB17-88BF-4204-CEA77627ACB4}" = CCC Help Greek
"{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{7FC94731-E586-2CEE-1D24-DAA24F11E8A1}" = CCC Help German
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8AD2CC46-F48D-4b79-B21C-39CE163CA3CB}}_is1" = WinWAP for Windows 4.2
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5328C4-737C-54B0-C698-18F41967FE21}" = ATI Catalyst Install Manager
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = WinFast De-interlace SDK
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A36D9CD0-6C2D-82E1-0710-92975A953621}" = CCC Help Polish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7B44FB6-5631-4A4A-9DAD-82F7E3C767B9}" = Visual C++ Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}" = Connectivity Library and TI-Nspire™ handheld drivers
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AD4B8AF1-4BB5-F1E6-5854-E9E02DA3A7C6}" = Catalyst Control Center Graphics Previews Common
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = WinFast TT-SB SDK
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFA1AFC5-F1DF-11D7-8904-0007953863DD}" = Mafia SchneeMOD
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D79A717E-073E-4FDA-A854-BF81D7A52297}_is1" = Source Dedicated Server DZ
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EAC4DDCE-F45E-88FD-034D-AB4B05AC8C77}" = ccc-utility
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F014B581-3DE9-42DB-A128-13D7A9A91B69}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F406725C-F677-AD5E-F4F9-38EAB56EAE8D}" = CCC Help Hungarian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF1E64D7-700D-4503-972E-50D38B38FA39}" = Mobilink
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMX Mod X Installer" = AMX Mod X Installer 1.8.1
"AnyDVD" = AnyDVD
"ArtMoney SE_is1" = ArtMoney SE v7.33
"Athan" = Athan Basic 3.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Call of Duty 4 Multiplayer Backup_is1" = Call of Duty 4 Multiplayer Backup 0.9.2
"CCleaner" = CCleaner
"Cheatbook Database 2010" = Cheatbook Database 2010
"Cisco Packet Tracer 5.3.1_is1" = Cisco Packet Tracer 5.3.1
"Counter-Strike 1.6" = Counter-Strike 1.6
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"DDS Converter 2.1" = DDS Converter 2.1
"D-Fend Reloaded" = D-Fend Reloaded 0.9.1 (deinstallieren)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EAGLE 5.10.0" = EAGLE 5.10.0
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Flv Recorder_is1" = FlvRecorder
"Fraps" = Fraps (remove only)
"Free Download Manager_is1" = Free Download Manager 3.0
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free Video Converter_is1" = Free Video Converter V 2.9
"GameSpy Arcade" = GameSpy Arcade
"GCFScape_is1" = GCFScape 1.8.1
"GT Interactive - Driver" = GT Interactive - Driver
"GTR Evolution_1.1.1.2_is1" = GTR Evolution
"HD Tune_is1" = HD Tune 2.55
"Hogs Of War" = Frontschweine
"InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{936D42B8-FE51-41D5-A74A-6182F6CDB17B}" = NETGEAR WG311v2 802.11g Wireless PCI Adapter
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JoyIDs" = PJP's JoyIDs
"Kantaris_is1" = Kantaris Media Player 0.6.4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.3.0
"Metro 2033 Update 2_is1" = Metro 2033 Update 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"ModernRcon v0.8" = ModernRcon v0.8
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator
"pcsx2-r3878" = PCSX2 - Playstation 2 Emulator
"PPJoy Joystick Driver" = PPJoy Joystick Driver 0.8.4.5
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"Raptr" = Raptr
"RAR Password Cracker" = RAR Password Cracker 4.12
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.328
"RealVNC_is1" = VNC Free Edition 4.1.3
"Rigs of Rods" = Rigs of Rods
"Simple Port Tester2.1.1" = Simple Port Tester
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"StarWind RAM Disk_is1" = StarWind RAM Disk (build 2010-03-10)
"Steam App 50280" = Mafia II - Demo
"Steam App 630" = Alien Swarm
"Steam App 92" = Codename Gordon
"Steamless Left4Dead Pack" = Steamless Left4Dead Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tunngle beta_is1" = Tunngle beta
"UUSEE_base" = UUSee ²¥·Å²å¼þ»ù´¡°ü 6.1.122.1
"VirtualBus" = VirtualBus A6C RC2.2
"VLC media player" = VLC media player 1.1.4
"VLMC" = VideoLAN Movie Creator
"Warzone 2100" = Warzone 2100
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Zattoo4" = Zattoo4 4.0.5
"zbattle.net_is1" = zbattle.net 1.09 SR-1 beta
"ZMBV" = Zip Motion Block Video codec (Remove Only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"CBS Hamburg Rahlstedt" = CBS Hamburg Rahlstedt
"Google Chrome" = Google Chrome
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"Move Media Player" = Move Media Player
"vGrabber 1.3" = vGrabber 1.3
"WinSetupFromUSB" = WinSetupFromUSB
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
07.11.2010, 17:50
| #4 |
| /// Malware-holic | Google Suchergebnisse werden umgeleitet • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL PRC - C:\Users\koka\AppData\Local\Temp\dwm.exe () PRC - C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe () PRC - C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe () DRV - (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340) -- C:\Windows\System32\drivers\WPRO_40_1340.sys File not found DRV - (MEMSWEEP2) -- C:\Windows\System32\54C5.tmp File not found DRV - (hSONYPVh) -- C:\Users\koka\AppData\Local\Temp\hSONYPVh.sys File not found DRV - (GarenaPEngine) -- C:\Users\koka\AppData\Local\Temp\PIL93C9.tmp File not found DRV - (cpuz130) -- C:\Users\koka\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found DRV - (CEDRIVER55) -- C:\Program Files\Cheat Engine\dbk32.sys File not found DRV - (CEDRIVER53) -- C:\Program Files\Cheat Engine\dbk32.sys File not found DRV - (ALSysIO) -- C:\Users\koka\AppData\Local\Temp\ALSysIO.sys File not found DRV - (vzheykjw) -- C:\Windows\System32\drivers\vzheykjw.sys (Microsoft Corporation) O4 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000..\Run: [] File not found O4 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000..\Run: [svchost] C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe () F3 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000 WinNT: Load - (C:\Users\koka\AppData\Local\Temp\dwm.exe) - C:\Users\koka\AppData\Local\Temp\dwm.exe () O20 - HKU\S-1-5-21-2031075208-4094303136-2098935223-1000 Winlogon: Shell - (C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found [2010.11.07 15:06:37 | 000,000,120 | ---- | M] () -- C:\Users\koka\AppData\Local\Rsuvesazuyufomo.dat [2010.11.07 12:59:00 | 000,000,000 | ---- | M] () -- C:\Users\koka\AppData\Local\Mqeva.bin [2010.11.05 20:24:37 | 000,105,984 | ---- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe [2010.11.05 20:25:06 | 000,114,688 | ---- | M] () -- C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe :FILES :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort posten. öffne mein computer, c: _OTL rechtsklick aauf moved files, zu moved files.zip oder rar hinzufügen. archiv zu uns hochladen. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.11.2010, 19:43
| #5 |
| | Google Suchergebnisse werden umgeleitet Ok danke hab ich gemacht. Auch die Movedfiles hab ich geuploaded! All processes killed ========== OTL ========== No active process named dwm.exe was found! No active process named shell.exe was found! Process svchost.exe killed successfully! Error: No service named WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340 was found to stop! Service\Driver key WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340 not found. File C:\Windows\System32\drivers\WPRO_40_1340.sys File not found not found. Service MEMSWEEP2 stopped successfully! Service MEMSWEEP2 deleted successfully! File C:\Windows\System32\54C5.tmp File not found not found. Service hSONYPVh stopped successfully! Service hSONYPVh deleted successfully! File C:\Users\koka\AppData\Local\Temp\hSONYPVh.sys File not found not found. Service GarenaPEngine stopped successfully! Service GarenaPEngine deleted successfully! File C:\Users\koka\AppData\Local\Temp\PIL93C9.tmp File not found not found. Service cpuz130 stopped successfully! Service cpuz130 deleted successfully! File C:\Users\koka\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found not found. Service CEDRIVER55 stopped successfully! Service CEDRIVER55 deleted successfully! File C:\Program Files\Cheat Engine\dbk32.sys File not found not found. Service CEDRIVER53 stopped successfully! Service CEDRIVER53 deleted successfully! File C:\Program Files\Cheat Engine\dbk32.sys File not found not found. Error: Unable to stop service ALSysIO! Service ALSysIO deleted successfully! File C:\Users\koka\AppData\Local\Temp\ALSysIO.sys File not found not found. Error: Unable to stop service vzheykjw! Service\Driver key vzheykjw not found. File C:\Windows\System32\drivers\vzheykjw.sys not found. Registry value HKEY_USERS\S-1-5-21-2031075208-4094303136-2098935223-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2031075208-4094303136-2098935223-1000\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully. C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe moved successfully. C:\Users\koka\AppData\Local\Temp\dwm.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\koka\AppData\Local\Temp\dwm.exe deleted successfully. Registry value HKEY_USERS\S-1-5-21-2031075208-4094303136-2098935223-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe deleted successfully. C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Users\koka\AppData\Local\Rsuvesazuyufomo.dat moved successfully. C:\Users\koka\AppData\Local\Mqeva.bin moved successfully. File C:\Users\koka\AppData\Roaming\Microsoft\svchost.exe not found. File C:\Users\koka\AppData\Roaming\Microsoft\Windows\shell.exe not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: koka ->Flash cache emptied: 73037 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: koka ->Temp folder emptied: 9291513 bytes ->Temporary Internet Files folder emptied: 32303573 bytes ->Java cache emptied: 42180598 bytes ->FireFox cache emptied: 46618405 bytes ->Google Chrome cache emptied: 9535658 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1024000 bytes %systemroot%\System32 .tmp files removed: 12810784 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 437878 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 147,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 11072010_193014 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
07.11.2010, 19:57
| #6 |
| /// Malware-holic | Google Suchergebnisse werden umgeleitet bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ --> Google Suchergebnisse werden umgeleitet |
Linear-Darstellung
