OTL log, suspected Tro.BHO.O, suspected trojan BHO.O
08.06.2010, 14:25
Post #1
Knows their way around here | Group: Members | Posts: 161 | Member since: 09.08.2004 | Member no.: 1.319
Hello Rokop

I think I have an uninvited guest on my PC once again. It started with my browsers no longer working, and, well, now at least IE works again ... I scanned with Malwarebytes and found the trojan BHO.O. The problem now is this: the trojan suddenly can no longer be found, IE works again, Firefox unfortunately does not, and my system still seems infected to me. So I have now created a log with OTL; it would be nice if you could take a look at it.
|
|

08.06.2010, 14:27
Post #2
Knows their way around here | Group: Members | Posts: 161 | Member since: 09.08.2004 | Member no.: 1.319
I have to post the Extra.txt here separately ... don't know whether it's needed, but oh well.

08.06.2010, 14:46
Post #3
Practically lives here | Group: Members | Posts: 1.300 | Member since: 11.02.2009 | Member no.: 7.357
Create and post a ComboFix log.
http://www.paules-pc-forum.de/forum/4-pc-s...-anleitung.html
Open Malwarebytes, go to the log files, and post the log with the detections.

08.06.2010, 14:46
Post #4
AV specialist | Group: Staff | Posts: 2.935 | Member since: 27.04.2003 | Location: Nordhorn | Member no.: 59
Please test the file C:\Windows\System32\drivers\utczmjuz.sys at virustotal.com and post the link to the result.
Otherwise, you'd better reinstall your system; it doesn't even have a service pack installed (SP2+ is current), and consider staying away from cracks and the like, or you'll be back here with problems sooner than you'd like.....
--------------------
Regards, Ralf

08.06.2010, 14:58
Post #5
Knows their way around here | Group: Members | Posts: 161 | Member since: 09.08.2004 | Member no.: 1.319
Hi Raman ...
Yes, then I guess I'll reinstall ... I hadn't done that in quite a while anyway. Virustotal says http://www.virustotal.com/de/analisis/7ae9...c237-1276005175 Rootkit.Bagle.K, says Gdata ... (@cracks: yes, I'm aware that's not so great, thanks for the pointer). I'd say the thread can then be closed if appropriate; thanks "once again" for the help.
Regards, r00t

08.06.2010, 15:07
Post #6
AV specialist | Group: Staff | Posts: 2.935 | Member since: 27.04.2003 | Location: Nordhorn | Member no.: 59
The file may be a leftover from a Bagle, but it may also come from using AVZ.
--------------------
Regards, Ralf

08.06.2010, 19:07
Post #7
Part of the furniture | Group: Members | Posts: 2.095 | Member since: 14.08.2003 | Location: Asten, OÖ | Member no.: 149 | Operating system: Windows 11 Home x64 | Virus scanner: Windows Defender | Firewall: Router+Windows Firewall
"The file may ... also come from using AVZ."
I'd bet on that.
--------------------
Regards,
Rene-gad
As soon as a troll, DAU or elk meets fierce criticism in the course of a thread, he cites the critic's arrogance as his argument. This can also be done pre-emptively. Roesen's Law