Hallo Kira,
danke für Deine Antwort.
Wie gesagt, ich habe den befallenen Rechner nicht hier. Ich konnte ein Hijackthislog und -Fix machen und einen OTL-Quick-Scan, dann musste der betroffenen Freund wieder weg samt Laptop. Nach Entfernen der svghost.exe war das Symptom weg. Ich habe sie jetzt hier auf einem Stick.
Vor einer guten Woche hatte ihm ein anderer Freund versucht zu helfen; dieser hat von Stick gebootet, Avira Antivir von CD durchlaufen lassen und auch Malwarebytes Anti-Malware durchlaufen lassen ohne auffällige Funde. (Seit der neuen Signatur vom 25.08. erkennt Antivir jetzt aber das Teil)
Soll ich jetzt die beiden oberflächlichen Logs posten (Hijackthis und OTL-Quickscan) oder Dir die svghost schicken?
Ich hatte gehofft, Ihr Spezialisten könntet anhand der Datei erkennen, ob es ein harmloses Standalone-Progrämmchen war oder mit einer Backdoor zusammenhängt. Meinem Eindruck nach hat es nicht mehr gemacht, als den roten Bildschirm auszuspucken. Mehr Symptom als ernsthafte Krankheit.
Ich selbst habe aber nur Sandboxie und traue mich nicht, es da rein zu stecken. Wozu auch, ich habe kein Programm, das aufzeichnen kann, was es genau tut oder was für Internetverbindungen aufgebaut werden und habe davon auch keine Ahnung.
Entschuldige, dass mir der Laptop für den normalen Routine-Gesamtputz nicht zur Verfügung steht, ich hoffe, Du kannst mir trotzdem ein Feedback geben.
Liebe Grüße
EDIT: Es kann ja nicht schaden zu posten, was ich an Logs habe:
Hijackthis vorm Fixen:
HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:02:33, on 01.09.2011
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\CPUCooL\CooLSrv.exe
C:\Programme\LogMeIn\x86\RaMaint.exe
C:\Programme\LogMeIn\x86\LogMeIn.exe
C:\Programme\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities\{5A4546EB-1C8E-11DD-8E4E-806D6172696F}\svghost.exe
C:\WINDOWS\system32\wuauclt.exe
H:\haidschk.com.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [{5A4546EB-1C8E-11DD-8E4E-806D6172696F}] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities\{5A4546EB-1C8E-11DD-8E4E-806D6172696F}\svghost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-854245398-1682526488-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: tinc.kanzownet - Unknown owner - C:\Programme\tinc\tincd (file missing)
O23 - Service: TunngleService - Unknown owner - C:\Programme\Tunngle\TnglCtrl.exe (file missing)
--
End of file - 5484 bytes
--- --- ---
tinc.kanzownet ist dabei ein privates Netzwerk, das er sich mit einem Freund eingerichtet hat.
OTL-Quickscan:
1. Extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 02.09.2011 00:38:21 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = H:\
Windows XP Professional Edition Service Pack 3, v.3311 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3311)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 82,78% Memory free
5,85 Gb Paging File | 5,67 Gb Available in Paging File | 96,99% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,39 Gb Total Space | 3,39 Gb Free Space | 6,60% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,54 Gb Free Space | 17,50% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 2,25 Gb Free Space | 4,62% Space Free | Partition Type: NTFS
Drive H: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,92% Space Free | Partition Type: FAT
Computer Name: FRED | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57258:TCP" = 57258:TCP:*:Enabled:Pando Media Booster
"57258:UDP" = 57258:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"655:TCP" = 655:TCP:*:Enabled:tinc
"57258:TCP" = 57258:TCP:*:Disabled:Pando Media Booster
"57258:UDP" = 57258:UDP:*:Disabled:Pando Media Booster
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"6885:TCP" = 6885:TCP:*:Enabled:League of Legends Launcher
"6885:UDP" = 6885:UDP:*:Enabled:League of Legends Launcher
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"6881:TCP" = 6881:TCP:*:Enabled:League of Legends Launcher
"6881:UDP" = 6881:UDP:*:Enabled:League of Legends Launcher
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6994:TCP" = 6994:TCP:*:Enabled:League of Legends Launcher
"6994:UDP" = 6994:UDP:*:Enabled:League of Legends Launcher
"6902:TCP" = 6902:TCP:*:Enabled:League of Legends Launcher
"6902:UDP" = 6902:UDP:*:Enabled:League of Legends Launcher
"6906:TCP" = 6906:TCP:*:Enabled:League of Legends Launcher
"6906:UDP" = 6906:UDP:*:Enabled:League of Legends Launcher
"6963:TCP" = 6963:TCP:*:Enabled:League of Legends Launcher
"6963:UDP" = 6963:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Steam\steamapps\***\team fortress 2\hl2.exe" = E:\Steam\steamapps\***\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"E:\Steam\steamapps\***\source sdk base\hl2.exe" = E:\Steam\steamapps\***\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"E:\Steam\steamapps\***\insurgency\hl2.exe" = E:\Steam\steamapps\***\insurgency\hl2.exe:*:Enabled:hl2 -- ()
"E:\Steam\steamapps\***\diprip warm up\hl2.exe" = E:\Steam\steamapps\***\diprip warm up\hl2.exe:*:Enabled:hl2 -- ()
"E:\Minigames\World of Padman\wop.exe" = E:\Minigames\World of Padman\wop.exe:*:Enabled:wop
"C:\Programme\Hamachi\hamachi.exe" = C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"D:\spiele\MotoGP2\motogp2.exe" = D:\spiele\MotoGP2\motogp2.exe:*:Disabled:motogp2
"C:\Programme\tinc\tincd.exe" = C:\Programme\tinc\tincd.exe:*:Enabled:tincd.exe -- ()
"E:\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe" = E:\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe:*:Enabled:World of Goo Demo -- ()
"E:\Steam\Steam.exe" = E:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Minigames\Table Tennis Pro V2 Lite\TTPro_DX9.exe" = E:\Minigames\Table Tennis Pro V2 Lite\TTPro_DX9.exe:*:Enabled:TTPro_DX9 -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"E:\Steam\steamapps\common\coil\coil.exe" = E:\Steam\steamapps\common\coil\coil.exe:*:Enabled:Coil -- (The Design Assembly GmbH)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Programm zur Dateiübertragung -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:enable -- (Microsoft Corporation)
"D:\spiele\Borderlands\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = D:\spiele\Borderlands\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Disabled:Borderlands
"E:\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = E:\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Disabled:Peggle Extreme -- ()
"E:\Steam\steamapps\buerokratenhuber\source sdk base 2007\hl2.exe" = E:\Steam\steamapps\buerokratenhuber\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007 -- ()
"E:\Steam\steamapps\common\operation flashpoint dragon rising\OFDR.exe" = E:\Steam\steamapps\common\operation flashpoint dragon rising\OFDR.exe:*:Enabled:Operation Flashpoint: Dragon Rising
"D:\spiele\Campany of Heros\RelicCOH.exe" = D:\spiele\Campany of Heros\RelicCOH.exe:*:Enabled:RelicCOH -- (THQ Canada Inc.)
"E:\Steam\steamapps\common\osmos\osmos.exe" = E:\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- (Hemisphere Games, Inc.)
"E:\Minigames\bb\BubBob.exe" = E:\Minigames\bb\BubBob.exe:*:Disabled:BubBob -- ()
"E:\Steam\steamapps\common\everyday shooter\EverydayShooter.exe" = E:\Steam\steamapps\common\everyday shooter\EverydayShooter.exe:*:Enabled:Everyday Shooter -- ()
"E:\Steam\steamapps\common\guns of icarus\GunsOfIcarusWindows.exe" = E:\Steam\steamapps\common\guns of icarus\GunsOfIcarusWindows.exe:*:Enabled:Guns of Icarus -- ()
"D:\spiele\Campany of Heros\RelicDownloader\RelicDownloader.exe" = D:\spiele\Campany of Heros\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"E:\Steam\steamapps\common\gratuitous space battles\GSB.exe" = E:\Steam\steamapps\common\gratuitous space battles\GSB.exe:*:Enabled:Gratuitous Space Battles -- ()
"D:\spiele\LOL\air\LolClient.exe" = D:\spiele\LOL\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\spiele\LOL\game\League of Legends.exe" = D:\spiele\LOL\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\spiele\LOL\lol.launcher.exe" = D:\spiele\LOL\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"E:\Steam\steamapps\common\trackmania united\TmForever.exe" = E:\Steam\steamapps\common\trackmania united\TmForever.exe:*:Enabled:TrackMania United -- ()
"E:\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe" = E:\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:*:Enabled:TrackMania United -- ()
"E:\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe" = E:\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe:*:Disabled:Osmos IGF Demo -- ()
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster -- ()
"H:\Installierte\Portal2\Portal 2\portal2.exe" = H:\Installierte\Portal2\Portal 2\portal2.exe:*:Enabled:portal2
"E:\Steam\steamapps\common\dogfighter\bin\x86_vc8\DogFighterSteam.exe" = E:\Steam\steamapps\common\dogfighter\bin\x86_vc8\DogFighterSteam.exe:*:Enabled:DogFighter -- (Instinct Technology Limited)
"E:\Steam\steamapps\***\counter-strike source\hl2.exe" = E:\Steam\steamapps\***\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"E:\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe" = E:\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe:*:Enabled:Lead and Gold - Gangs of the Wild West -- ()
"E:\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = E:\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf Demo -- ()
"E:\Steam\steamapps\common\plain sight\PlainSight.exe" = E:\Steam\steamapps\common\plain sight\PlainSight.exe:*:Enabled:Plain Sight -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.15.0.31
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 8.5 Professional
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{63A14955-DC18-49CA-9CE6-9229D0C1868D}" = LogMeIn
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.13
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AHL2" = AHL2 v1.0
"Any Video Converter_is1" = Any Video Converter 2.6.1
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Company of Heroes" = Company of Heroes
"CPUCooL" = CPUCooL (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dyson_is1" = Dyson v1.08
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.27
"FileZilla" = FileZilla (remove only)
"foobar2000" = foobar2000 v1.1.7
"Fraps" = Fraps
"Free Video Converter_is1" = Free Video Converter V 2.7
"Hamachi" = Hamachi 1.0.1.5
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MPE" = MyPhoneExplorer
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Postal 2_is1" = Portal 2
"ProInst" = Intel PROSet Wireless
"SopCast" = SopCast 3.0.3
"Steam App 12830" = Operation Flashpoint: Dragon Rising
"Steam App 12900" = Audiosurf
"Steam App 16300" = Everyday Shooter
"Steam App 17700" = Insurgency
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 22010" = World of Goo Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 29100" = Osmos IGF Demo
"Steam App 29180" = Osmos
"Steam App 31500" = Coil
"Steam App 3483" = Peggle Extreme
"Steam App 400" = Portal
"Steam App 41800" = Gratuitous Space Battles
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42500" = DogFighter
"Steam App 440" = Team Fortress 2
"Steam App 49800" = Guns of Icarus
"Steam App 49900" = Plain Sight
"Steam App 55000" = Flotilla
"Steam App 7200" = TrackMania United
"Streamripper" = Streamripper (Remove only)
"SystemRequirementsLab" = System Requirements Lab
"Table Tennis Pro V2 Lite_is1" = Table Tennis Pro V2 Lite (V2.32)
"tinc" = Tinc 1.0.9
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp (nur entfernen)
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.11.2009 12:28:53 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 09.11.2009 12:35:18 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 09.11.2009 12:35:51 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 09.11.2009 12:40:53 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 09.11.2009 12:40:53 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 09.11.2009 12:41:49 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 09.11.2009 12:42:04 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 15.11.2009 16:44:01 | Computer Name = FRED | Source = TnglCtrl.exe | ID = 0
Description =
Error - 01.12.2009 10:46:48 | Computer Name = FRED | Source = MsiInstaller | ID = 11722
Description = Produkt: Borderlands -- Fehler 1722. Es liegt ein dieses Windows Installer-Paket
betreffendes Problem vor. Ein Programm, das im Rahmen der Installation ausgeführt
wurde, wurde nicht erfolgreich abgeschlossen. Wenden Sie sich an das Supportpersonal
oder den Hersteller des Pakets. Aktion: RCDecrypt57, Pfad: D:\spiele\Borderlands\Gearbox
Software\Borderlands\Binaries\SetupHelper.exe, Befehl: "D:\spiele\Borderlands\Gearbox
Software\Borderlands\" -decr -installge -allusers
Error - 08.02.2010 18:52:21 | Computer Name = FRED | Source = MsiInstaller | ID = 11704
Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.Eine
Installation von Microsoft .NET Framework 3.0 Service Pack 2 ist im Augenblick
unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig
machen, bevor Sie den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig
machen?
[ System Events ]
Error - 01.09.2011 18:10:07 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 01.09.2011 18:29:51 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
für die COM-Serveranwendung mit CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} gewährt.
Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 01.09.2011 18:30:01 | Computer Name = FRED | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
Error - 01.09.2011 18:30:18 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 01.09.2011 18:30:18 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 01.09.2011 18:30:19 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 01.09.2011 18:34:20 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
für die COM-Serveranwendung mit CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} gewährt.
Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 01.09.2011 18:34:28 | Computer Name = FRED | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd
Error - 01.09.2011 18:34:56 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 01.09.2011 18:34:56 | Computer Name = FRED | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
< End of report >
--- --- ---
2. OTL.txt:
OTL Logfile: Code:
OTL logfile created on: 02.09.2011 00:38:21 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = H:\
Windows XP Professional Edition Service Pack 3, v.3311 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3311)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 82,78% Memory free
5,85 Gb Paging File | 5,67 Gb Available in Paging File | 96,99% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,39 Gb Total Space | 3,39 Gb Free Space | 6,60% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,54 Gb Free Space | 17,50% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 2,25 Gb Free Space | 4,62% Space Free | Partition Type: NTFS
Drive H: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,92% Space Free | Partition Type: FAT
Computer Name: FRED | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.30 13:53:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2008.11.11 00:12:14 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\ramaint.exe
PRC - [2008.11.11 00:12:05 | 000,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardian.exe
PRC - [2008.10.16 18:14:56 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008.10.16 17:55:42 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008.04.14 04:22:44 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeIn.exe
PRC - [2007.07.31 18:22:58 | 000,118,784 | ---- | M] () -- C:\Programme\CPUCooL\CooLSRV.exe
========== Modules (No Company Name) ==========
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.07.31 18:22:58 | 000,118,784 | ---- | M] () -- C:\Programme\CPUCooL\CooLSRV.exe
MOD - [2007.06.20 12:21:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (TunngleService)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.12.26 14:19:49 | 001,947,879 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\tinc\tincd.exe -- (tinc.kanzownet)
SRV - [2008.11.11 00:12:14 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 18:05:38 | 000,905,216 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.02.28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007.07.31 18:22:58 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Programme\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
========== Driver Services (SafeList) ==========
DRV - [2010.05.31 16:13:01 | 000,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2010.05.31 16:13:00 | 000,009,472 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lemsgt.sys -- (lemsgt)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.17 16:59:38 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.26 12:41:12 | 000,025,088 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.11.17 08:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.11.13 03:17:13 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.11.11 00:12:07 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008.11.11 00:12:07 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.08.25 23:16:17 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.08.13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008.05.07 19:04:56 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.02.28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008.02.12 03:16:54 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.11.17 16:24:38 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ntiomin.sys -- (ntiomin)
DRV - [2007.08.10 13:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.08.08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.05.31 15:19:22 | 000,096,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.03.07 13:27:26 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007.02.12 21:26:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2006.11.17 16:57:34 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006.10.18 14:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006.06.29 13:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.11.11 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.11.11 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.11.01 11:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004.03.24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.5
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Benjamino\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.01 22:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.03 21:02:04 | 000,000,000 | ---D | M]
[2008.07.02 13:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.09.01 23:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions
[2010.10.19 02:58:08 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2011.07.20 22:01:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009.09.28 19:44:14 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2011.07.04 23:46:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.11 01:57:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.11 00:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.06.19 01:45:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.06.27 23:07:35 | 000,000,000 | ---D | M] (FireGestures) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\firegestures@xuldev.org
[2011.05.11 00:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2008.06.30 04:00:16 | 000,001,244 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\dv0tu57l.default\searchplugins\scroogle-ssl-german.xml
[2011.08.25 18:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.11 02:00:58 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.11 02:00:58 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.11 02:00:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.11 02:00:58 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.11 02:00:58 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.08.25 19:00:10 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.05.07 23:54:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5d682d99-2a74-11de-a2fa-e5263fb947cf}\Shell - "" = AutoRun
O33 - MountPoints2\{5d682d99-2a74-11de-a2fa-e5263fb947cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d682d99-2a74-11de-a2fa-e5263fb947cf}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{8248345f-7459-11de-a353-a56f088f18a2}\Shell - "" = AutoRun
O33 - MountPoints2\{8248345f-7459-11de-a353-a56f088f18a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8248345f-7459-11de-a353-a56f088f18a2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.09.02 00:33:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Benjamino\Recent
[2011.08.25 18:55:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.08.25 18:34:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.09.02 00:34:37 | 000,070,387 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011.09.02 00:34:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.02 00:34:15 | 2145,542,144 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.02 00:08:18 | 000,000,940 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit {5A4546EB-1C8E-11DD-8E4E-806D6172696F}.lnk
[2011.09.01 23:02:11 | 000,070,387 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011.09.01 22:50:14 | 000,000,488 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2011.09.01 22:30:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.25 19:00:10 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.08.23 21:37:31 | 000,002,235 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011.08.14 19:03:23 | 000,442,260 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.08.14 19:03:23 | 000,426,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.14 19:03:23 | 000,078,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.08.14 19:03:23 | 000,065,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.14 19:01:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.09.02 00:08:18 | 000,000,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Benjamino\Desktop\Verknüpfung mit {5A4546EB-1C8E-11DD-8E4E-806D6172696F}.lnk
[2011.09.01 22:49:44 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2011.08.23 23:54:00 | 2145,542,144 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.21 21:51:33 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011.03.21 21:51:31 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.03.21 21:51:25 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.06.20 15:41:53 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.05.31 16:13:01 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\hwpsgt.sys
[2010.05.31 16:13:00 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\lemsgt.sys
[2010.05.27 12:33:35 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.12.24 00:00:18 | 000,000,039 | ---- | C] () -- C:\WINDOWS\baseinfo.ini
[2009.11.01 21:59:11 | 000,000,217 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009.10.28 16:54:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2009.09.28 13:41:29 | 000,070,387 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009.09.02 20:04:34 | 000,000,126 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008.12.17 23:01:10 | 000,003,942 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.11.28 00:22:39 | 000,065,384 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2008.10.20 23:45:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.10.04 20:06:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008.09.07 12:09:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.25 23:16:18 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.08.25 23:16:17 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.07.22 18:54:03 | 000,000,291 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.07.16 22:37:30 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.07.05 01:24:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.07.04 21:29:12 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008.07.04 21:29:12 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2008.07.04 21:29:12 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008.06.23 16:16:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.05.26 14:13:20 | 000,000,270 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.05.19 21:47:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008.05.08 00:44:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.08 00:43:45 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.07 23:56:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.05.07 23:51:45 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.07 19:09:51 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.05.07 18:52:04 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.05.07 18:48:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.05.07 18:44:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007.11.17 16:24:38 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiomin.sys
[2007.06.20 12:21:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.06.20 12:21:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007.06.20 12:21:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.06.20 12:21:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007.06.20 12:21:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.06.20 12:21:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.06.20 12:21:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007.06.20 12:21:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007.02.12 21:26:30 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntiopnp.sys
[2004.11.11 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.11.11 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.11.11 14:00:00 | 000,442,260 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.11.11 14:00:00 | 000,426,404 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.11 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.11.11 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.11.11 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.11.11 14:00:00 | 000,078,016 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.11.11 14:00:00 | 000,065,414 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.11 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.11.11 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.11.11 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.11.11 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.11.11 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.11.11 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.11.11 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2008.11.22 02:13:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2009.12.23 22:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2008.05.07 19:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2009.07.19 15:44:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.10.13 23:39:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LAG
[2008.05.12 01:43:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogMeIn
[2009.07.19 15:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.08.07 18:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2009.09.28 19:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.06.28 14:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.05.24 18:39:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.01.07 14:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.10.28 16:53:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle
[2010.01.07 14:42:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.28 14:07:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AnvSoft
[2011.02.02 17:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Any Video Converter
[2011.05.30 16:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Audacity
[2008.11.11 22:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Bioshock
[2009.12.23 22:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canneverbe_Limited
[2008.05.07 19:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Pro
[2008.12.18 00:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FairStars CD Ripper
[2011.08.15 02:05:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\foobar2000
[2010.06.28 14:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreeVideoConverter
[2011.03.23 02:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LolClient
[2010.07.23 00:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer
[2009.07.19 15:47:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite
[2010.06.29 00:22:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2008.07.18 14:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\streamripper
[2008.06.23 15:45:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
[2008.05.20 17:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2009.11.09 16:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Tunngle
[2009.09.16 11:41:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent
[2009.06.29 19:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Video DVD Maker FREE
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:6C7124B57F2E7E88
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FB1B13D8
< End of report >
--- --- ---
Virustotal.com zur umbenannten svghost.exe: Code:
AhnLab-V3 2011.09.02.00 2011.09.02 Trojan/Win32.PornoAsset
AntiVir 7.11.14.70 2011.09.02 TR/Ransom.EJ.2
Antiy-AVL 2.0.3.7 2011.09.02 Trojan/Win32.Lebag.gen
Avast 4.8.1351.0 2011.09.02 Win32:Crypt-KES [Trj]
Avast5 5.0.677.0 2011.09.02 Win32:Crypt-KES [Trj]
AVG 10.0.0.1190 2011.09.02 Generic24.ARMN
BitDefender 7.2 2011.09.02 Gen:Variant.Kazy.34956
ByteHero 1.0.0.1 2011.09.01 -
CAT-QuickHeal None 2011.09.02 -
ClamAV 0.97.0.0 2011.09.02 -
Commtouch 5.3.2.6 2011.09.02 -
Comodo 9964 2011.09.02 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2011.09.02 -
Emsisoft 5.1.0.11 2011.09.02 Trojan.Win32.Lebag!IK
eSafe 7.0.17.0 2011.09.01 Win32.GenVariant.Kaz
eTrust-Vet 36.1.8536 2011.09.02 -
F-Prot 4.6.2.117 2011.09.02 -
F-Secure 9.0.16440.0 2011.09.02 Gen:Variant.Kazy.34956
Fortinet 4.3.370.0 2011.09.02 W32/Lebag.CX!tr
GData 22 2011.09.02 Gen:Variant.Kazy.34956
Ikarus T3.1.1.107.0 2011.09.02 Trojan.Win32.Lebag
Jiangmin 13.0.900 2011.09.01 -
K7AntiVirus 9.111.5080 2011.09.01 Trojan
Kaspersky 9.0.0.837 2011.09.02 Trojan.Win32.Lebag.eak
McAfee 5.400.0.1158 2011.09.02 Artemis!EABEA41B35D2
McAfee-GW-Edition 2010.1D 2011.09.02 Artemis!EABEA41B35D2
Microsoft 1.7604 2011.09.02 Trojan:Win32/Ransom.EJ
NOD32 6429 2011.09.02 a variant of Win32/Kryptik.SCV
Norman 6.07.11 2011.09.02 W32/Suspicious_Gen2.PMNTO
nProtect 2011-09-02.01 2011.09.02 Gen:Variant.Kazy.34956
Panda 10.0.3.5 2011.09.01 Generic Trojan
PCTools 8.0.0.5 2011.09.02 Trojan.Gen
Prevx 3.0 2011.09.02 -
Rising 23.73.01.03 2011.08.30 -
Sophos 4.69.0 2011.09.02 Troj/Zbot-AWT
SUPERAntiSpyware 4.40.0.1006 2011.09.02 -
Symantec 20111.2.0.82 2011.09.02 Trojan.Gen.2
TheHacker 6.7.0.1.287 2011.09.02 Trojan/Lebag.eak
TrendMicro 9.500.0.1008 2011.09.01 PAK_Generic.001
TrendMicro-HouseCall 9.500.0.1008 2011.09.02 TROJ_GEN.R3EC2HP
VBA32 3.12.16.4 2011.09.02 Trojan.Winlock.01506
VIPRE 10345 2011.09.02 Trojan.Win32.Generic!SB.0
ViRobot 2011.9.2.4653 2011.09.02 -
VirusBuster 14.0.197.0 2011.09.01 Trojan.Chepvil.Gen!Pac.3
Additional information
MD5 : eabea41b35d2896c961158fc172764f5
SHA1 : c99d5aa16e20eea0349f7876065e4a8dc7009ccb
SHA256: 9a877155f32f2249e64590d660e0871c143511a1c8a747026656703b828115ba
ssdeep: 1536:uHFyECn32TD6+XnUgp/DfdW5S3F82TOZbvSlYU9Z+HL:WyZn3M6KnRzdWwC2aZbvSlhz
File size : 72192 bytes
First seen: 2011-08-24 14:20:14
Last seen : 2011-09-02 11:51:37
TrID:
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (F-Prot): UPX
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x298A0
timedatestamp....: 0x460E40FF (Sat Mar 31 11:07:43 2007)
machinetype......: 0x14c (I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x18000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x19000, 0x11000, 0x10A00, 7.96, d29538891ecf5def6a18e0d83497c1cf
.rsrc, 0x2A000, 0x1000, 0xC00, 3.84, ed34892a6b653ed0a34ab4b06f91f5e7
[[ 9 import(s) ]]
KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.DLL: RegCloseKey
COMCTL32.DLL: InitCommonControlsEx
GDI32.DLL: BitBlt
MPR.DLL: WNetGetLastErrorW
MSVCRT.DLL: _j0
SHELL32.DLL: ShellAboutW
USER32.DLL: GetDC
WINMM.DLL: PlaySoundW
|
