Suspected trojan or keylogger (Windows 7)
18.06.2011, 21:10 | #1

Hello, I am asking for your help. When I logged into my Facebook account 3 days ago, it said that my account had been accessed from another location. I then changed my password and did not think much more about it. But today I wanted to log in to Google to check my mail, and the password was wrong. Now I wanted to reset it, but I no longer know the security question because the account is already quite old. Google will now probably send my password to my other e-mail address. I am currently scanning my computer for viruses with Kaspersky 2012, but the program has not found anything yet. Please reply quickly with what I can do! Best regards
19.06.2011, 16:18 | #2
/// Malware-holic

hi

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports are created: OTL.Txt and Extras.Txt. Post both.
19.06.2011, 18:59 | #3

Extras.txt
Code:
ATTFilter OTL Extras logfile created on: 19.06.2011 19:39:44 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Dennis\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,88% Memory free 7,99 Gb Paging File | 6,67 Gb Available in Paging File | 83,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 247,47 Gb Total Space | 181,86 Gb Free Space | 73,49% Space Free | Partition Type: NTFS Drive D: | 25,39 Gb Total Space | 25,30 Gb Free Space | 99,65% Space Free | Partition Type: NTFS Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GAMING-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [openNew] -- explorer %1 (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [openNew] -- explorer %1 (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Server "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = 
Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CyberGhost VPN_is1" = CyberGhost VPN "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "WinRAR archiver" = WinRAR arkivering [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp 
Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{3A03D3D2-46C7-49ED-B60B-B91B1F5E71D3}_is1" = Game Prelauncher version 3.1.2 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{48418FBF-A20E-4BF2-90DA-561C2ECB721A}_is1" = Window Renamer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B8E2FCC0-C524-4546-8859-A7F5D2BE6E5E}" = FBP - Facebook Blaster Pro "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E635F595-7D51-459D-9E2B-827F234F9D4E}" = FriendAdderElite "1489-3350-5074-6281" = JDownloader 
0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "Alice: Madness Returns_is1" = Alice: Madness Returns "Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.7 "AnyTV Pro_is1" = AnyTV Pro 5.1 "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "CursorFX" = CursorFX "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup.divx.com" = DivX-Setup "EADM" = EA Download Manager "facemoods" = Facemoods Toolbar "Game Booster 3_is1" = Game Booster "Garena" = Garena 2010 "Hide IP Platinum_is1" = Hide IP Platinum 3.42 "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PPLive" = PPLive 1.9 "Premium Link Generator 1.00" = Premium Link Generator 1.00 "RocketDock_is1" = RocketDock 1.3.5 "SoftwareUpdUtility" = Download Updater (AOL LLC) "SopCast" = SopCast 3.3.2 "Steam App 13140" = America's Army 3 "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "TeamViewer 6" = TeamViewer 6 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "TVAnts 1.0" = TVAnts 1.0 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FlyFFAutomaton" = FlyFF Automaton (v1.00) "Google Chrome" = Google Chrome "Megakey" = Megakey ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.05.2011 15:06:45 | Computer Name = 
Gaming-PC | Source = Application Error | ID = 1000 Description = Faulting application name: BFP4f.exe, version: 0.0.0.0, time stamp: 0x4dc405a3 Faulting module name: BFP4f.exe, version: 0.0.0.0, time stamp: 0x4dc405a3 Exception code: 0xc0000005 Fault offset: 0x00327964 Faulting process id: 0xd74 Faulting application start time: 0x01cc0f44ea688016 Faulting application path: C:\Program Files (x86)\EA Games\Battlefield Play4Free\BFP4f.exe Faulting module path: C:\Program Files (x86)\EA Games\Battlefield Play4Free\BFP4f.exe Report Id: a53e1f07-7b38-11e0-8cd3-001f16187740 Error - 12.05.2011 08:05:09 | Computer Name = Gaming-PC | Source = Application Hang | ID = 1002 Description = The program Neuz.exe version 3.8.22.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 404 Start Time: 01cc109ccb842810 Termination Time: 13 Application Path: C:\Program Files\gPotato.eu\FlyFF\Neuz.exe Report Id: 132c1a32-7c90-11e0-9212-001f16187740 Error - 12.05.2011 13:15:04 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Faulting application name: javaw.exe, version: 6.0.250.6, time stamp: 0x4da6bb44 Faulting module name: java.dll, version: 6.0.250.6, time stamp: 0x4da6f198 Exception code: 0xc0000005 Fault offset: 0x00004e2f Faulting process id: 0xcfc Faulting application start time: 0x01cc10c820f9f2ac Faulting application path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe Faulting module path: C:\Program Files (x86)\Java\jre6\bin\java.dll Report Id: 603d86db-7cbb-11e0-9212-001f16187740 Error - 13.05.2011 10:03:16 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Faulting application name: avp.exe, version: 11.0.2.571, time stamp: 0x4cd05f34 Faulting module name: Ushata.dll, version: 11.0.2.556, time stamp: 0x4cab5fa3 Exception code: 0xc0000005 Fault offset: 0x0000540d Faulting process id: 
0x750 Faulting application start time: 0x01cc117098cbfc6e Faulting application path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe Faulting module path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\Ushata.dll Report Id: beffe97b-7d69-11e0-9613-001f16187740 Error - 13.05.2011 10:47:57 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Kuma Games\MFC80.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 13.05.2011 10:47:57 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Kuma Games\MFC80.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 13.05.2011 16:30:04 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error - 13.05.2011 16:45:30 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Faulting application name: AVSVideoConverter.exe, version: 7.1.2.480, time stamp: 0x00000000 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x137520d7 Faulting process id: 0xfd4 Faulting application start time: 0x01cc11ae4aab1784 Faulting application path: C:\program files (x86)\avs4you\avsvideoconverter\AVSVideoConverter.exe Faulting module path: unknown Report Id: f00dd41f-7da1-11e0-b055-001f16187740 Error - 13.05.2011 16:46:51 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 10005 Description = Error - 14.05.2011 10:30:26 | Computer Name = Gaming-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Application or service 'systemapp.exe' could not be shut down. [ System Events ] Error - 31.05.2011 10:19:10 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 31.05.2011 11:22:10 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001 Description = The Avira AntiVir WebGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: %%0 Error - 31.05.2011 11:22:10 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001 Description = The Avira AntiVir MailGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: %%1062 Error - 31.05.2011 12:21:25 | Computer Name = Gaming-PC | Source = bowser | ID = 8003 Description = Error - 31.05.2011 14:12:23 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 31.05.2011 14:12:22 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error - 
31.05.2011 14:12:22 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error - 31.05.2011 14:12:25 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 31.05.2011 14:23:18 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 01.06.2011 07:37:17 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 < End of report > |
19.06.2011, 19:00 | #4

OTL.txt
Code:
ATTFilter OTL logfile created on: 19.06.2011 19:39:44 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Dennis\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,88% Memory free 7,99 Gb Paging File | 6,67 Gb Available in Paging File | 83,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 247,47 Gb Total Space | 181,86 Gb Free Space | 73,49% Space Free | Partition Type: NTFS Drive D: | 25,39 Gb Total Space | 25,30 Gb Free Space | 99,65% Space Free | Partition Type: NTFS Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GAMING-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Dennis\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe (Megamedia Ltd.) PRC - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (Megamedia Ltd.) 
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Dennis\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Stardock\CursorFX\CurXP0.dll ( ) MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) SRV:64bit: - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e877e12.dll () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (GatewayAgentService) -- C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe (O&O Software GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (MonitorFunction) -- C:\Windows\SysNative\drivers\TVMonitor.sys (TeamViewer GmbH) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.129.152.98:34463 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.129.152.98:34463 IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 6E 10 F3 CF 05 CC 01 [binary data] IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - 
prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw" FF - prefs.js..network.proxy.ftp: "188.129.152.98" FF - prefs.js..network.proxy.ftp_port: 34463 FF - prefs.js..network.proxy.http: "188.129.152.98" FF - prefs.js..network.proxy.http_port: 34463 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "188.129.152.98" FF - prefs.js..network.proxy.socks_port: 34463 FF - prefs.js..network.proxy.ssl: "188.129.152.98" FF - prefs.js..network.proxy.ssl_port: 34463 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.02 20:43:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 20:43:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.06.07 15:53:17 | 000,000,000 | ---D | M] [2011.05.14 16:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\i2z78o5v.default\extensions [2011.05.14 17:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.05.03 17:24:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.05.02 18:34:30 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} [2011.05.03 13:43:04 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla 
Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011.05.03 13:43:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011.05.12 17:02:16 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml O1 HOSTS File: ([2011.06.02 19:39:21 | 000,000,533 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll (Megamedia Ltd.) 
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [CursorFX] C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation) O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [Megakey] C:\Users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe (Megamedia Ltd.) O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [MegakeyUpdater] C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (Megamedia Ltd.) 
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1003..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Capture Web Page - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm () O8:64bit: - Extra context menu item: Fetch to Megaupload - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Capture Web Page - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm () O8 - Extra context menu item: Fetch to Megaupload - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( ) O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( ) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.06.15 22:04:08 | 000,000,100 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{912b96f0-723c-11e0-aae6-001f16187740}\Shell - "" = AutoRun O33 - MountPoints2\{912b96f0-723c-11e0-aae6-001f16187740}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2011.06.15 22:04:08 | 000,699,990 | R--- | M] (EA Games ) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^leftsider64.exe - - File not found MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: MSASCui - hkey= - key= - File not found MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
MsConfig:64bit - StartUpReg: XeroxEndeavorBackgroundTask - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: TabletInputService - Service SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: TabletInputService - Service SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 
Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TabletInputService - Service SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient 
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. 
SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TabletInputService - Service SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface 
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data 
Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll () Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) 
MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 7 bytes -> C:\Report:kisextended @Alternate Data Stream - 7 bytes -> C:\Report:kavextended < End of report > |
19.06.2011, 19:07 | #5 |
/// Malware-holic | Suspected trojan or keylogger please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above If you would like to support us |
19.06.2011, 19:32 | #6 |
| Suspected trojan or keylogger the log: Code:
ATTFilter ComboFix 11-06-17.04 - Dennis 19.06.2011 20:21:41.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.4091.2894 [GMT 2:00] ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\facemoods.com c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe c:\program files (x86)\FunWebProducts c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf c:\program files (x86)\MyWebSearch c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat c:\program files (x86)\ScanQuery c:\program files (x86)\ScanQuery\scanquery.dll c:\users\Dennis\AppData\Roaming\chrtmp . . 
((((((((((((((((((((((( Dateien erstellt von 2011-05-19 bis 2011-06-19 )))))))))))))))))))))))))))))) . . 2011-06-19 18:25 . 2011-06-19 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-19 18:20 . 2011-06-19 18:20 -------- d-----w- C:\32788R22FWJFW 2011-06-18 19:26 . 2011-06-18 19:26 -------- dc-h--w- c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554} 2011-06-18 16:16 . 2011-06-18 16:16 -------- d-----w- C:\Update 2011-06-18 16:16 . 2011-06-18 16:16 -------- d-----w- c:\users\Dennis\AppData\Roaming\Megamedia 2011-06-18 16:16 . 2011-06-18 16:16 -------- d-----w- c:\programdata\Megamedia 2011-06-18 16:16 . 2011-06-18 16:16 -------- d-----w- c:\users\Dennis\AppData\Local\Megamedia 2011-06-18 09:48 . 2011-06-18 09:48 -------- d-----w- c:\programdata\EA Core 2011-06-17 11:45 . 2011-06-17 11:45 -------- d-----w- c:\users\Dennis\AppData\Roaming\NVIDIA 2011-06-17 11:14 . 2011-06-17 11:14 -------- d-----w- c:\program files (x86)\EA Games 2011-06-16 16:14 . 2011-06-16 16:14 -------- d-----w- C:\found.000 2011-06-16 14:39 . 2009-07-13 18:41 898560 ----a-w- c:\windows\system32\OobeFldr.dll 2011-06-15 17:10 . 2011-06-15 17:10 -------- d-----w- c:\users\UpdatusUser 2011-06-15 17:06 . 2011-06-15 17:06 -------- d-----w- C:\NVIDIA 2011-06-15 16:53 . 2011-04-08 05:14 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll 2011-06-15 16:53 . 2011-04-08 05:14 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll 2011-06-15 14:57 . 2011-06-15 15:49 -------- d-----w- c:\program files (x86)\Game Prelauncher 2011-06-15 14:55 . 2011-06-15 14:55 -------- d-----w- c:\programdata\IObit 2011-06-14 12:34 . 2010-07-25 04:19 108336 ----a-w- c:\windows\SysWow64\socket.ocx 2011-06-13 01:58 . 2011-06-13 02:00 -------- d-----w- c:\windows\vf_hip 2011-06-13 01:58 . 2011-06-13 01:59 -------- d-----w- c:\program files (x86)\Hide IP Platinum 2011-06-12 14:17 . 2011-06-12 14:17 -------- d-----w- c:\users\Dennis\AppData\Local\Solo-Dev 2011-06-11 20:17 . 
2011-06-11 20:27 -------- d-----w- c:\program files (x86)\Duke Nukem Forever 2011-06-11 13:41 . 2011-06-11 13:41 -------- d-----w- c:\program files\7-Zip 2011-06-11 09:24 . 2011-06-11 09:25 -------- d-----w- c:\program files (x86)\Premium Link Generator 2011-06-10 14:28 . 2011-06-18 09:48 -------- d-----w- c:\users\Dennis\AppData\Local\VirtualStore 2011-06-09 15:37 . 2011-06-09 15:37 -------- d-----w- c:\windows\system32\oodag 2011-06-09 15:25 . 2011-01-12 09:42 16376 ----a-w- c:\windows\system32\drivers\TVMonitor.sys 2011-06-09 15:25 . 2011-06-09 15:25 -------- d-----w- c:\program files (x86)\TeamViewer 2011-06-09 14:49 . 2011-06-09 14:49 -------- d-----w- c:\users\Dennis\AppData\Local\O&O 2011-06-09 14:49 . 2011-06-09 14:49 -------- d-----w- c:\programdata\OO Software 2011-06-09 14:49 . 2011-06-09 14:49 -------- d-----w- c:\program files (x86)\OO Software 2011-06-09 14:49 . 2011-06-09 14:49 -------- d-----w- c:\program files\OO Software 2011-06-09 14:49 . 2011-06-09 14:49 -------- d-----w- c:\users\Dennis\AppData\Local\Downloaded Installations 2011-06-08 18:28 . 2011-06-09 14:11 -------- d-----w- c:\users\Dennis\AppData\Roaming\Tunngle 2011-06-08 18:28 . 2011-06-08 18:28 -------- d-----w- c:\programdata\Tunngle 2011-06-08 18:28 . 2009-09-16 05:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys 2011-06-08 12:02 . 2011-06-08 12:02 -------- d-----w- c:\windows\SysWow64\Adobe 2011-06-07 13:52 . 2011-06-19 18:15 -------- d-----w- c:\programdata\Kaspersky Lab 2011-06-07 13:52 . 2011-06-07 13:52 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2011-06-05 12:50 . 2011-06-05 12:50 -------- d-----w- c:\program files (x86)\Window Renamer 2011-06-03 17:27 . 2011-06-05 09:14 -------- d-----w- c:\programdata\McAfee 2011-06-03 14:29 . 2011-06-03 14:29 -------- d-----w- c:\programdata\Xerox 2011-06-02 18:45 . 2011-06-02 18:45 -------- d-----w- c:\users\Dennis\AppData\Local\DDMSettings 2011-06-02 18:43 . 
2011-06-02 18:43 -------- d-----w- c:\users\Dennis\AppData\Roaming\DivX 2011-06-02 18:42 . 2011-06-02 18:42 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine 2011-06-02 18:42 . 2011-06-02 18:42 -------- d-----w- c:\program files\DivX 2011-06-02 18:42 . 2011-06-02 18:42 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared 2011-06-02 18:41 . 2011-06-02 18:43 -------- d-----w- c:\program files (x86)\DivX 2011-06-02 18:40 . 2011-06-02 18:43 -------- d-----w- c:\programdata\DivX 2011-06-02 18:11 . 2011-06-02 18:13 -------- d-----w- c:\program files\PhotoshopPortable 2011-06-02 17:31 . 2011-06-02 17:31 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-06-02 17:00 . 2011-06-02 18:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-06-02 16:49 . 2011-06-02 16:51 -------- d-----w- c:\program files (x86)\FBP - Facebook Blaster Pro 2011-06-02 16:25 . 2011-06-02 16:28 -------- d-----w- c:\users\Dennis\Creative Suite 5.5 Design Premium 2011-06-02 16:23 . 2011-06-02 16:23 -------- d-----w- c:\users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2011-05-31 15:21 . 2011-05-31 15:53 -------- d-----w- c:\programdata\Avira 2011-05-30 12:36 . 2011-05-30 12:36 -------- d-----w- c:\users\Dennis\fontconfig 2011-05-30 10:08 . 2010-02-25 14:51 29696 ----a-w- c:\windows\system32\drivers\tap0901.sys 2011-05-30 10:08 . 2011-05-30 10:08 -------- d-----w- c:\program files\S.A.D 2011-05-29 19:23 . 2011-05-29 19:24 -------- d---a-w- C:\.Trash-1000 2011-05-29 18:23 . 2011-05-29 18:23 -------- d-----w- c:\users\Dennis\AppData\Local\CrashRpt 2011-05-29 16:36 . 2011-05-29 16:36 -------- d-----w- c:\users\Dennis\AppData\Local\AOL 2011-05-29 16:35 . 2011-05-29 16:35 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility 2011-05-29 16:35 . 2011-05-29 16:39 -------- d-----w- c:\program files (x86)\Common Files\AOL 2011-05-29 14:08 . 
2011-05-29 14:08 -------- d-----w- c:\program files (x86)\uTorrent 2011-05-29 14:06 . 2011-05-29 14:06 -------- d-----w- c:\users\Dennis\AppData\Local\uTorrent 2011-05-29 14:06 . 2011-06-16 15:59 -------- d-----w- c:\users\Dennis\AppData\Roaming\uTorrent 2011-05-29 11:32 . 2011-05-30 15:38 -------- d-----w- c:\users\Dennis\Games 2011-05-27 14:25 . 2011-05-27 17:01 -------- d-----w- c:\program files (x86)\Garena 2011-05-24 16:24 . 2011-05-24 16:24 -------- d-----w- c:\program files\Tracker Software 2011-05-24 13:13 . 2011-05-24 13:13 -------- d-----w- c:\users\Dennis\AppData\Roaming\vlc 2011-05-24 13:12 . 2011-05-24 13:12 -------- d-----w- c:\program files (x86)\VideoLAN 2011-05-22 17:54 . 2011-05-22 17:54 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2011-05-21 14:11 . 2011-05-21 14:11 -------- d-----w- c:\users\Dennis\AppData\Local\Electronic Arts 2011-05-21 14:11 . 2011-05-21 14:11 -------- d-----w- c:\programdata\Electronic Arts 2011-05-21 14:10 . 2011-05-21 14:10 -------- d-----w- c:\program files (x86)\Electronic Arts 2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-13 02:26 . 2011-05-13 14:47 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-05-30 08:41 . 2011-05-10 18:33 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-05-30 08:41 . 2011-05-10 18:30 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-05-30 08:32 . 2011-05-10 18:30 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-05-27 17:11 . 2011-05-10 18:30 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-05-21 06:01 . 2011-03-17 02:03 739432 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-05-21 06:01 . 2011-03-17 02:03 6300776 ----a-w- c:\windows\system32\nvcpl.dll 2011-05-21 06:01 . 2011-03-17 02:03 3040872 ----a-w- c:\windows\system32\nvsvc64.dll 2011-05-21 06:01 . 
2011-03-17 02:03 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-05-21 06:01 . 2011-03-17 02:02 61544 ----a-w- c:\windows\system32\nvshext.dll 2011-05-21 06:01 . 2011-03-17 02:02 326760 ----a-w- c:\windows\system32\nvhotkey.dll 2011-05-21 06:01 . 2011-03-17 02:02 2560616 ----a-w- c:\windows\system32\nvsvcr.dll 2011-05-21 06:01 . 2011-03-17 02:02 1016936 ----a-w- c:\windows\system32\nvvsvc.exe 2011-05-03 16:11 . 2011-04-14 18:21 925184 ----a-w- c:\windows\expstart.exe 2011-05-01 11:42 . 2011-05-01 11:42 3608 ----a-w- C:\STFE7B5.tmp 2011-04-29 10:25 . 2011-04-29 10:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-04-29 10:19 . 2011-04-29 10:19 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-04-26 05:58 . 2011-04-26 05:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2011-04-26 05:58 . 2011-04-26 05:58 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2011-04-24 21:14 . 2011-04-24 21:14 234896 ----a-w- c:\windows\system32\klogon.dll 2011-04-15 16:06 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll 2011-04-15 16:06 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll 2011-04-15 13:58 . 2011-04-15 13:58 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-04-15 13:58 . 2011-04-15 13:58 4068864 ----a-w- c:\windows\system32\mf.dll 2011-04-15 13:58 . 2011-04-15 13:58 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-04-15 13:58 . 2011-04-15 13:58 3181568 ----a-w- c:\windows\SysWow64\mf.dll 2011-04-15 13:58 . 2011-04-15 13:58 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-04-15 13:58 . 2011-04-15 13:58 257024 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-04-15 13:58 . 2011-04-15 13:58 229888 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-04-15 13:58 . 2011-04-15 13:58 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2011-04-15 13:58 . 2011-04-15 13:58 206848 ----a-w- c:\windows\system32\mfps.dll 2011-04-15 13:58 . 
2011-04-15 13:58 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2011-04-15 13:58 . 2011-04-15 13:58 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL 2011-04-15 13:58 . 2011-04-15 13:58 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2011-04-15 13:58 . 2011-04-15 13:58 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2011-04-15 13:58 . 2011-04-15 13:58 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll 2011-04-15 13:58 . 2011-04-15 13:58 144384 ----a-w- c:\windows\system32\cdd.dll 2011-04-15 13:58 . 2011-04-15 13:58 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll 2011-04-15 13:58 . 2011-04-15 13:58 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-03-30 17:50 . 2011-04-15 16:14 34624 ----a-w- c:\windows\system32\TURegOpt.exe 2011-03-30 17:45 . 2011-04-15 16:14 25920 ----a-w- c:\windows\system32\authuitu.dll 2011-03-30 17:45 . 2011-04-15 16:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll 2011-03-30 17:45 . 2011-04-15 16:14 36160 ----a-w- c:\windows\system32\uxtuneup.dll 2011-03-30 17:45 . 2011-04-15 16:14 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. 
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [-] 2009-10-30 . 5DECCD8F824007CE7ED0ADF917F53FC7 . 2870272 . . [6.1.7600.16385] .. c:\windows\explorer.exe [-] 2009-10-30 . 5AC855BA79745016C16B9CFEAEE24F4F . 2870272 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe [7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}] 2011-06-18 16:16 64000 ----a-w- c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "Megakey"="c:\users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe" [2011-06-18 2593280] "MegakeyUpdater"="c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [2011-06-18 64000] "CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "facemoods"="c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 X6va005;X6va005;c:\users\Dennis\AppData\Local\Temp\005935A.tmp [x] R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe 
[2011-03-22 2421384] R4 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-11-19 316744] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472] R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001Core.job - c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 13:29] . 
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001UA.job - c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 13:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-06-18 16:16 78336 ----a-w- c:\users\Dennis\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Capture Web Page - c:\users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: Fetch to Megaupload - c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\programdata\Megamedia\Megakey\msadm.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Dennis\AppData\Local\Temp\005935A.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System[...]system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-19 20:28:00
ComboFix-quarantined-files.txt 2011-06-19 18:27
.
Vor Suchlauf: 194.616.975.360 bytes free
Nach Suchlauf: 194.507.780.096 bytes free
.
- - End Of File - - CAFE0472F674D0EE40074CB1295C03C6 |
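Reading a ComboFix log like the one above means spotting a few recurring patterns: a service whose ImagePath points into a Temp directory (X6va005 here), a Winsock LSP outside the Windows directory (msadm.dll), an IE BHO loaded from a user profile, and a replaced start page. As an added example, not a tool from the forum or from ComboFix, this Python script applies those checks to constructed sample lines copied from the entries above:

```python
import re

# Constructed sample in the shape ComboFix prints, built from the entries quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-06-18 16:16 78336 ----a-w- c:\users\Dennis\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
LSP: c:\programdata\Megamedia\Megakey\msadm.dll
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Dennis\AppData\Local\Temp\005935A.tmp"
"""

SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\services\\([^\\\]]+)\]$", re.I)
BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-F-]+\})\]$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.*)"$')
WIN_PATH = re.compile(r"[a-z]:\\\S+", re.I)


def triage(log_text):
    """Walk the log once; return (severity, detail) tuples for entries worth a closer look."""
    findings = []
    pending = None  # ("service", name) or ("bho", clsid) until the value line below it is seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix prints "." as a spacer
            continue
        if m := SERVICE_KEY.match(line):
            pending = ("service", m.group(1))
        elif m := BHO_KEY.match(line):
            pending = ("bho", m.group(1))
        elif pending and pending[0] == "service":
            m = IMAGE_PATH.match(line)
            # A service binary living in a Temp directory is almost never legitimate.
            if m and re.search(r"\\temp\\", m.group(1), re.I):
                findings.append(("high", f"service {pending[1]} runs from a Temp directory: {m.group(1)}"))
            pending = None
        elif pending and pending[0] == "bho":
            m = WIN_PATH.search(line)
            # Vendor IE add-ons normally live under Program Files, not in a user profile.
            if m and re.search(r"\\users\\", m.group(0), re.I):
                findings.append(("medium", f"BHO {pending[1]} loads from a user profile: {m.group(0)}"))
            pending = None
        elif line.startswith("LSP:"):
            path = line[4:].strip()
            # A Winsock LSP sees every socket call; one outside the Windows directory deserves review.
            if not re.match(r"^[a-z]:\\windows\\", path, re.I):
                findings.append(("medium", f"Winsock LSP outside the Windows directory: {path}"))
        elif re.match(r"^[um]Start Page\s*=", line):
            findings.append(("info", f"browser start page set to {line.split('=', 1)[1].strip()}"))
    return findings


if __name__ == "__main__":
    for severity, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {detail}")
```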
19.06.2011, 19:34 | #7 |
/// Malware-holic | Suspected Trojan or Keylogger: download Malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer. Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. Go to the Scanner tab, run a full scan, remove what it finds, and post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.06.2011, 20:15 | #8 |
| Suspected Trojan or Keylogger Log 1 Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.06.2011 20:49:24
mbam-log-2011-06-19 (20-49-24).txt

Art des Suchlaufs: Flash-Scan
Durchsuchte Objekte: 142070
Laufzeit: 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.06.2011 21:12:48
mbam-log-2011-06-19 (21-12-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 310485
Laufzeit: 22 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\program files (x86)\scanquery\scanquery.dll.vir (Adware.Agent.Gen) -> Quarantined and deleted successfully. |
19.06.2011, 20:17 | #9 |
/// Malware-holic | Suspected Trojan or Keylogger: download the CCleaner Standard: CCleaner - Standard. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, List of installed programs, and save it as txt. Open the file. Next to each program you need, write "notwendig" (needed); next to each one you do not need, "unnötig" (not needed); next to the ones you do not recognise, "unbekannt" (unknown). Post the list.
24.06.2011, 12:26 | #10 |
| Suspected Trojan or Keylogger sorry, I was on holiday and therefore couldn't reply... here is the list: Code:
7-Zip 9.20 (x64 edition) Igor Pavlov 10.06.2011 4,53MB 9.20.00.0 notwendig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 12.06.2011 6,00MB 10.3.181.23 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 12.05.2011 6,00MB 10.3.181.14 notwendig
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 07.06.2011 11.5.9.620 notwendig
Akamai NetSession Interface 17.05.2011 unbekannt
Alice: Madness Returns 16.06.2011 notwendig
America's Army 3 U.S. Army 16.06.2011 notwendig
Any DVD Converter Professional 3.7.7 Any-DVD-Converter.com 14.05.2011 unnötig
AnyTV Pro 5.1 FDRLab, Inc. 16.05.2011 4,96MB unnötig
Apple Application Support Apple Inc. 13.05.2011 51,0MB 1.5.1 notwendig
Apple Mobile Device Support Apple Inc. 13.05.2011 22,4MB 3.4.0.25 notwendig
Apple Software Update Apple Inc. 13.05.2011 2,26MB 2.1.2.120 notwendig
Bonjour Apple Inc. 13.05.2011 1,75MB 2.0.5.0 notwendig
Call of Duty: Black Ops - Multiplayer Treyarch 06.05.2011 notwendig
CCleaner Piriform 14.06.2011 3.07 notwendig
Combined Community Codec Pack 2009-09-09 CCCP Project 13.04.2011 2009.09.09.0 notwendig
CursorFX Stardock Corporation 17.06.2011 notwendig
CyberGhost VPN S.A.D. GmbH 29.05.2011 56,6MB notwendig
DAEMON Tools Lite DT Soft Ltd 28.04.2011 4.40.2.0131 notwendig
DivX-Setup DivX, LLC 01.06.2011 2.5.0.11 unnötig
Download Updater (AOL LLC) 28.05.2011 unbekannt
EA Download Manager Electronic Arts, Inc. 20.05.2011 8.0.3.427 notwendig
Facemoods Toolbar 11.05.2011 unnötig
FBP - Facebook Blaster Pro Digital Media Group 01.06.2011 8,36MB 9.0.3 unnötig
Flyff Gala Networks Europe Limited 29.04.2011 Flyff notwendig
FlyFF Automaton (v1.00) 15.05.2011 unbekannt
FriendAdderElite Default Company Name 01.06.2011 19,1MB 4.0.1 unnötig
Game Booster IObit 14.06.2011 11,6MB 3.0 notwendig
Game Prelauncher version 3.1.2 14.06.2011 2,75MB 3.1.2 notwendig
Garena 2010 Garena Online Pte Ltd. 26.05.2011 2010 unnötig
Google Chrome Google Inc. 15.05.2011 12.0.742.100 notwendig
Hide IP Platinum 3.42 Volcano Force 12.06.2011 unnötig
iTunes Apple Inc. 13.05.2011 144,9MB 10.2.2.12 notwendig
Java(TM) 6 Update 22 Oracle 02.05.2011 95,0MB 6.0.220 notwendig
Java(TM) 6 Update 25 Oracle 28.04.2011 94,7MB 6.0.250 notwendig
JDownloader 0.9 AppWork GmbH 11.05.2011 0.9 notwendig
Kaspersky Internet Security 2012 Kaspersky Lab 06.06.2011 12.0.0.374 notwendig
Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 18.06.2011 13,8MB 1.51.0.1200 notwendig
Megakey Megamedia Ltd. 17.06.2011 0.9.0.0 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.04.2011 38,8MB 4.0.30319 notwendig
Microsoft Office Professional Home and Student 2010 Microsoft Corporation 15.04.2011 14.0.4763.1000 notwendig
Microsoft Silverlight Microsoft Corporation 21.05.2011 20,5MB 4.0.60310.0 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.05.2011 0,34MB 8.0.59193 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 16.04.2011 0,19MB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 29.05.2011 2,52MB 9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 15.04.2011 0,58MB 9.0.30729 notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 16.04.2011 13,7MB 10.0.30319 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 20.05.2011 11,0MB 10.0.30319 notwendig
NVIDIA 3D Vision Controller Driver 275.33 NVIDIA Corporation 14.06.2011 275.33 notwendig
NVIDIA 3D Vision Driver 275.33 NVIDIA Corporation 14.06.2011 275.33 notwendig
NVIDIA Graphics Driver 275.33 NVIDIA Corporation 14.06.2011 275.33 notwendig
NVIDIA HD Audio Driver 1.2.23.3 NVIDIA Corporation 14.06.2011 1.2.23.3 notwendig
NVIDIA PhysX System Software 9.10.0514 NVIDIA Corporation 14.06.2011 9.10.0514 notwendig
NVIDIA Update 1.3.5 NVIDIA Corporation 14.06.2011 1.3.5 notwendig
O&O Defrag Server O&O Software GmbH 08.06.2011 53,3MB 14.1.305 unnötig
PDF-XChange Viewer Tracker Software Products Ltd. 23.05.2011 44,3MB 2.5.195.0 notwendig
PPLive 1.9 Synacast 02.05.2011 1.9.47 unnötig
Premium Link Generator 1.00 10.06.2011 unbekannt
QuickTime Apple Inc. 13.05.2011 73,7MB 7.69.80.9 notwendig
RocketDock 1.3.5 Punk Software 14.04.2011 notwendig
Safari Apple Inc. 13.05.2011 41,3MB 5.33.21.1 notwendig
SopCast 3.3.2 www.sopcast.com 14.04.2011 3.3.2 notwendig
Steam Valve Corporation 29.04.2011 1,59MB 1.0.0.0 notwendig
TeamViewer 6 TeamViewer GmbH 08.06.2011 6.0.10722 notwendig
TuneUp Utilities 2011 TuneUp Software 14.04.2011 10.0.4010.25 notwendig
TVAnts 1.0 02.05.2011 notwendig
Veetle TV 0.9.18 Veetle, Inc 02.05.2011 0.9.18 notwendig
VLC media player 1.0.5 VideoLAN Team 23.05.2011 1.0.5 notwendig
Window Renamer 1.0 FireBlood's Dev 04.06.2011 notwendig
Windows Media Player Firefox Plugin Microsoft Corp 28.04.2011 0,29MB 1.0.0.8 notwendig
WinRAR arkivering 13.04.2011 notwendig
µTorrent 28.05.2011 3.0.0 notwendig |
24.06.2011, 14:27 | #11 |
/// Malware-holic | Suspected Trojan or Keylogger: uninstall Any DVD, AnyTV, Bonjour (can go as well), DivX-Setup, Facemoods, FBP, FlyFF, FriendAdderElite, Game Booster (is pointless, can actually go), Garena, Hide IP, and all Java versions. Java SE Downloads: download the JRE, get the offline installer and install it. Uninstall O&O Defrag, PPLive, Premium Link Generator, TuneUp. Do without that kind of junk. The advertising they run, promising tuning, is all nonsense and can harm the computer. Get rid of it. Clean up with CCleaner.
24.06.2011, 16:51 | #12 |
| Suspected Trojan or Keylogger all done.... thanks for the help. |
24.06.2011, 17:04 | #13 |
/// Malware-holic | Suspected Trojan or Keylogger: are there, or were there, any problems left?
24.06.2011, 19:15 | #14 |
| Suspected Trojan or Keylogger no, none at all anymore. |
24.06.2011, 19:25 | #15 |
/// Malware-holic | Suspected Trojan or Keylogger: ok, change all passwords.