
Log analysis and evaluation: Battle.net account hacked -> PC infected?

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

30.06.2011, 21:32   #1
Calt
 

Battle.net account hacked -> PC infected?



Good evening,
Unfortunately, I discovered this evening that my Battle.net account was hacked. The standard story: WoW characters stripped bare, etc. The problem is that I actually haven't had WoW on this PC for quite some time, and since the last format I have only played StarCraft 2. I am now worried whether something is lurking on my PC or whether it was simply guessed (password too simple).

Defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:59 on 30/06/2011 (Calt)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
Otl
OTL Logfile:
Code:
OTL logfile created on: 30.06.2011 22:03:00 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Calt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,66 Gb Available Physical Memory | 83,50% Memory free
15,95 Gb Paging File | 14,53 Gb Available in Paging File | 91,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 70,72 Gb Free Space | 70,79% Space Free | Partition Type: NTFS
Drive D: | 881,50 Gb Total Space | 731,73 Gb Free Space | 83,01% Space Free | Partition Type: NTFS
Drive E: | 881,51 Gb Total Space | 727,24 Gb Free Space | 82,50% Space Free | Partition Type: NTFS
Drive F: | 2,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: URF | User Name: Calt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.30 22:02:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Calt\Desktop\OTL.exe
PRC - [2011.06.30 21:28:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.29 18:18:47 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.06.29 17:32:09 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.27 09:46:38 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.30 22:02:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Calt\Desktop\OTL.exe
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.30 21:28:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.29 18:18:47 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.27 09:46:38 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.12.15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\RPG\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.30 21:28:19 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 21:28:19 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.10.26 11:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 A4 8B 8A F5 36 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f7c78bea-a239-11e0-bea4-907c2473a93d}\Shell - "" = AutoRun
O33 - MountPoints2\{f7c78bea-a239-11e0-bea4-907c2473a93d}\Shell\AutoRun\command - "" = H:\Borderlands.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.30 22:02:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Calt\Desktop\OTL.exe
[2011.06.30 21:57:25 | 000,000,000 | ---D | C] -- C:\Users\Calt\Desktop\backups
[2011.06.30 21:54:14 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Calt\Desktop\dds.scr
[2011.06.30 21:49:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Calt\Desktop\HiJackThis204.exe
[2011.06.30 19:19:39 | 000,000,000 | ---D | C] -- C:\BDS
[2011.06.30 17:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.06.30 17:29:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.06.30 17:29:11 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.06.30 17:29:11 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.06.30 17:29:11 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.06.30 17:29:11 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.06.30 17:29:11 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.06.30 17:29:10 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.06.30 17:29:10 | 001,770,328 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011.06.30 17:29:10 | 001,716,368 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011.06.30 17:29:10 | 000,419,472 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011.06.30 17:29:10 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.06.30 17:29:10 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011.06.30 17:29:10 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011.06.30 17:29:10 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.06.30 17:29:10 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.06.30 17:29:10 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.06.30 17:29:10 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2011.06.30 17:29:10 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.06.30 17:29:10 | 000,125,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011.06.30 17:29:10 | 000,106,640 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011.06.30 17:29:10 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.06.30 17:29:10 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2011.06.30 17:29:10 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2011.06.30 17:29:10 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.06.30 17:29:10 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011.06.30 17:29:10 | 000,072,336 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011.06.30 17:29:09 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.06.30 17:29:09 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011.06.30 17:29:09 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011.06.30 17:29:09 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011.06.30 17:29:09 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011.06.30 17:29:09 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011.06.30 17:29:09 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011.06.30 17:29:09 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011.06.30 17:29:09 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011.06.30 17:29:09 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011.06.30 17:29:09 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011.06.30 17:29:09 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011.06.30 17:29:09 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011.06.30 17:29:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011.06.30 17:24:33 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\Realtek_Audio_V5106235_WinXp_V6016235_VistaWin7
[2011.06.30 17:15:44 | 000,471,040 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex
[2011.06.30 16:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2011.06.30 16:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2011.06.30 16:51:20 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\NEC
[2011.06.30 16:49:10 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011.06.30 16:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.06.30 16:48:49 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\Chipset
[2011.06.30 16:48:07 | 000,000,000 | ---D | C] -- C:\Intel
[2011.06.30 16:47:34 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Download Manager
[2011.06.30 16:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.06.30 16:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.06.30 16:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.06.30 07:10:48 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\SEGA Corporation
[2011.06.30 07:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SEGA Corporation
[2011.06.30 07:09:35 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\Alpha Protocol
[2011.06.29 21:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.06.29 21:22:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.06.29 21:13:37 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Lionhead Studios
[2011.06.29 20:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011.06.29 19:38:37 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\WinRAR
[2011.06.29 19:38:37 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.06.29 19:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.06.29 19:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.06.29 19:31:35 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\Eidos
[2011.06.29 19:31:18 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Local\Diagnostics
[2011.06.29 19:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011.06.29 19:02:41 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\LolClient
[2011.06.29 18:42:28 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.06.29 18:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011.06.29 18:36:04 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Macromedia
[2011.06.29 18:36:03 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Adobe
[2011.06.29 18:35:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.06.29 18:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.06.29 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\ICQ
[2011.06.29 18:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.06.29 18:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011.06.29 17:38:59 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\StarCraft II
[2011.06.29 17:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.06.29 17:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011.06.29 17:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011.06.29 17:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.06.29 17:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.06.29 17:29:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.06.29 17:21:31 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Skype
[2011.06.29 17:20:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.06.29 17:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.29 17:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.06.29 17:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011.06.29 17:14:47 | 000,406,632 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011.06.29 17:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011.06.29 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.06.29 14:01:50 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\NVIDIA
[2011.06.29 13:59:28 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\BioWare
[2011.06.29 13:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.06.29 13:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011.06.29 13:08:12 | 000,000,000 | RH-D | C] -- C:\Users\Calt\AppData\Roaming\SecuROM
[2011.06.29 13:06:15 | 000,000,000 | ---D | C] -- C:\Users\Calt\Documents\My Games
[2011.06.29 13:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.06.29 12:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.06.29 12:51:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.06.29 12:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.06.29 12:39:58 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Ubisoft
[2011.06.29 12:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.06.29 12:32:00 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\InstallShield
[2011.06.29 12:23:39 | 000,513,080 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011.06.29 12:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.06.29 12:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.06.29 12:23:08 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\DAEMON Tools Lite
[2011.06.29 12:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.06.29 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Opera
[2011.06.29 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Local\Opera
[2011.06.29 12:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011.06.29 12:21:26 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Avira
[2011.06.29 12:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.06.29 12:17:56 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.06.29 12:17:56 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.06.29 12:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.06.29 12:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.06.29 12:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.06.29 12:12:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.06.29 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011.06.29 12:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.06.29 12:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.06.29 12:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.06.29 12:11:06 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.06.29 12:11:06 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.06.29 12:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.06.29 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.06.29 12:10:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.06.29 11:56:56 | 000,000,000 | R--D | C] -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.06.29 11:56:56 | 000,000,000 | R--D | C] -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.06.29 11:56:55 | 000,000,000 | R--D | C] -- C:\Users\Calt\Searches
[2011.06.29 11:56:47 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Identities
[2011.06.29 11:56:45 | 000,000,000 | R--D | C] -- C:\Users\Calt\Contacts
[2011.06.29 11:56:42 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Local\VirtualStore
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Vorlagen
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\AppData\Local\Verlauf
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\AppData\Local\Temporary Internet Files
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Startmenü
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\SendTo
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Recent
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Netzwerkumgebung
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Lokale Einstellungen
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Documents\Eigene Videos
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Documents\Eigene Musik
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Eigene Dateien
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Documents\Eigene Bilder
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Druckumgebung
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Cookies
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\AppData\Local\Anwendungsdaten
[2011.06.29 11:56:33 | 000,000,000 | -HSD | C] -- C:\Users\Calt\Anwendungsdaten
[2011.06.29 11:56:32 | 000,000,000 | --SD | C] -- C:\Users\Calt\AppData\Roaming\Microsoft
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Videos
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Saved Games
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Pictures
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Music
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Links
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Favorites
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Downloads
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Documents
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\Desktop
[2011.06.29 11:56:32 | 000,000,000 | R--D | C] -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.06.29 11:56:32 | 000,000,000 | -H-D | C] -- C:\Users\Calt\AppData
[2011.06.29 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Local\Temp
[2011.06.29 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Local\Microsoft
[2011.06.29 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Calt\AppData\Roaming\Media Center Programs
[2011.06.29 11:55:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.06.29 11:53:45 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011.06.29 11:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.06.29 11:48:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.06.29 11:48:47 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.30 22:02:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Calt\Desktop\OTL.exe
[2011.06.30 22:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.30 22:00:04 | 2129,289,215 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.30 21:59:02 | 000,000,188 | ---- | M] () -- C:\Users\Calt\defogger_reenable
[2011.06.30 21:58:45 | 000,050,477 | ---- | M] () -- C:\Users\Calt\Desktop\Defogger.exe
[2011.06.30 21:54:17 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Calt\Desktop\dds.scr
[2011.06.30 21:49:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Calt\Desktop\HiJackThis204.exe
[2011.06.30 21:28:19 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.06.30 21:28:19 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.06.30 17:37:16 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.30 17:37:16 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.30 17:37:16 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.30 17:37:16 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.30 17:37:16 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.30 17:35:43 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.30 17:35:43 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.30 17:23:47 | 120,647,199 | ---- | M] () -- C:\Users\Calt\Documents\Realtek_Audio_V51006235_Xp_V6016235_VistaWin7.zip
[2011.06.30 16:51:26 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011.06.30 16:51:12 | 007,592,262 | ---- | M] () -- C:\Users\Calt\Documents\NEC_USB_3_V2040_WindowsXP_Vista_7.zip
[2011.06.30 16:47:57 | 006,389,634 | ---- | M] () -- C:\Users\Calt\Documents\Intel_Chipset_V9201015_XPVistaWin7.zip
[2011.06.30 07:10:43 | 000,000,444 | ---- | M] () -- C:\Users\Calt\Desktop\Alpha Protocol - Verknüpfung.lnk
[2011.06.29 21:52:13 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.06.29 20:43:40 | 000,001,587 | ---- | M] () -- C:\Users\Public\Desktop\Fable III.lnk
[2011.06.29 20:36:59 | 000,000,201 | ---- | M] () -- C:\Users\Calt\Desktop\Mass Effect.url
[2011.06.29 20:24:59 | 000,000,202 | ---- | M] () -- C:\Users\Calt\Desktop\Alliance of Valiant Arms.url
[2011.06.29 19:44:17 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg
[2011.06.29 19:44:17 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg
[2011.06.29 19:27:44 | 000,001,185 | ---- | M] () -- C:\Users\Calt\Desktop\AssassinsCreed_Dx9 - Verknüpfung.lnk
[2011.06.29 18:54:54 | 000,001,110 | ---- | M] () -- C:\Users\Calt\Desktop\Crysis - Verknüpfung.lnk
[2011.06.29 18:48:26 | 000,001,181 | ---- | M] () -- C:\Users\Calt\Desktop\Dungeon Siege III - Verknüpfung.lnk
[2011.06.29 18:37:26 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Dungeons and Dragons Daggerdale.lnk
[2011.06.29 17:50:53 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.06.29 17:18:08 | 002,257,408 | ---- | M] () -- C:\Users\Calt\Documents\LeagueofLegends.exe
[2011.06.29 16:48:05 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Bulletstorm.lnk
[2011.06.29 15:11:00 | 000,000,780 | ---- | M] () -- C:\Users\Calt\Desktop\Warhammer Online Age of Reckoning.lnk
[2011.06.29 13:57:30 | 000,000,668 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2011.06.29 12:38:33 | 000,007,597 | ---- | M] () -- C:\Users\Calt\AppData\Local\Resmon.ResmonCfg
[2011.06.29 12:23:39 | 000,513,080 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011.06.29 11:51:07 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.06.29 11:51:07 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.30 21:59:01 | 000,000,188 | ---- | C] () -- C:\Users\Calt\defogger_reenable
[2011.06.30 21:58:45 | 000,050,477 | ---- | C] () -- C:\Users\Calt\Desktop\Defogger.exe
[2011.06.30 17:18:29 | 120,647,199 | ---- | C] () -- C:\Users\Calt\Documents\Realtek_Audio_V51006235_Xp_V6016235_VistaWin7.zip
[2011.06.30 16:50:39 | 007,592,262 | ---- | C] () -- C:\Users\Calt\Documents\NEC_USB_3_V2040_WindowsXP_Vista_7.zip
[2011.06.30 16:47:38 | 006,389,634 | ---- | C] () -- C:\Users\Calt\Documents\Intel_Chipset_V9201015_XPVistaWin7.zip
[2011.06.30 07:10:43 | 000,000,444 | ---- | C] () -- C:\Users\Calt\Desktop\Alpha Protocol - Verknüpfung.lnk
[2011.06.29 21:52:13 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.06.29 20:43:40 | 000,001,587 | ---- | C] () -- C:\Users\Public\Desktop\Fable III.lnk
[2011.06.29 20:36:59 | 000,000,201 | ---- | C] () -- C:\Users\Calt\Desktop\Mass Effect.url
[2011.06.29 20:24:59 | 000,000,202 | ---- | C] () -- C:\Users\Calt\Desktop\Alliance of Valiant Arms.url
[2011.06.29 19:44:17 | 000,008,107 | ---- | C] () -- C:\Windows\w7dsd.reg
[2011.06.29 19:44:17 | 000,008,089 | ---- | C] () -- C:\Windows\w7dse.reg
[2011.06.29 19:27:50 | 000,001,185 | ---- | C] () -- C:\Users\Calt\Desktop\AssassinsCreed_Dx9 - Verknüpfung.lnk
[2011.06.29 18:54:55 | 000,001,110 | ---- | C] () -- C:\Users\Calt\Desktop\Crysis - Verknüpfung.lnk
[2011.06.29 18:48:29 | 000,001,181 | ---- | C] () -- C:\Users\Calt\Desktop\Dungeon Siege III - Verknüpfung.lnk
[2011.06.29 18:37:26 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Dungeons and Dragons Daggerdale.lnk
[2011.06.29 17:38:59 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.06.29 17:18:04 | 002,257,408 | ---- | C] () -- C:\Users\Calt\Documents\LeagueofLegends.exe
[2011.06.29 17:14:47 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011.06.29 17:14:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.29 16:48:05 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Bulletstorm.lnk
[2011.06.29 15:11:00 | 000,000,780 | ---- | C] () -- C:\Users\Calt\Desktop\Warhammer Online Age of Reckoning.lnk
[2011.06.29 13:57:30 | 000,000,668 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2011.06.29 12:38:33 | 000,007,597 | ---- | C] () -- C:\Users\Calt\AppData\Local\Resmon.ResmonCfg
[2011.06.29 12:22:45 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.06.29 12:11:14 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.06.29 11:57:01 | 000,001,405 | ---- | C] () -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.06.29 11:56:57 | 000,001,439 | ---- | C] () -- C:\Users\Calt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.06.29 11:48:22 | 2129,289,215 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.06.29 12:31:31 | 000,000,000 | ---D | M] -- C:\Users\Calt\AppData\Roaming\DAEMON Tools Lite
[2011.06.30 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Calt\AppData\Roaming\ICQ
[2011.06.29 21:13:37 | 000,000,000 | ---D | M] -- C:\Users\Calt\AppData\Roaming\Lionhead Studios
[2011.06.29 19:02:41 | 000,000,000 | ---D | M] -- C:\Users\Calt\AppData\Roaming\LolClient
[2011.06.29 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Calt\AppData\Roaming\Opera
[2011.06.30 07:10:48 | 000,000,000 | ---D | M] -- C:\Users\Calt\AppData\Roaming\SEGA Corporation
[2011.06.29 12:39:58 | 000,000,000 | ---D | M] -- C:\Users\Calt\AppData\Roaming\Ubisoft
[2009.07.14 07:08:49 | 000,005,670 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.06.29 11:56:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.06.30 19:25:13 | 000,000,000 | ---D | M] -- C:\BDS
[2011.06.29 11:53:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.30 16:48:07 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.30 17:29:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.06.30 17:29:07 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.06.30 17:17:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.29 11:53:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.29 11:53:45 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.06.30 22:03:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.29 11:56:32 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.30 19:25:23 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\SysWOW64\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
 
< End of report >
         
--- --- ---
Otl extra
OTL Logfile:
Code:
OTL Extras logfile created on: 30.06.2011 22:03:00 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Calt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,66 Gb Available Physical Memory | 83,50% Memory free
15,95 Gb Paging File | 14,53 Gb Available in Paging File | 91,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 70,72 Gb Free Space | 70,79% Space Free | Partition Type: NTFS
Drive D: | 881,50 Gb Total Space | 731,73 Gb Free Space | 83,01% Space Free | Partition Type: NTFS
Drive E: | 881,51 Gb Total Space | 727,24 Gb Free Space | 82,50% Space Free | Partition Type: NTFS
Drive F: | 2,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: URF | User Name: Calt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.44
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dungeons and Dragons Daggerdale_is1" = Dungeons and Dragons Daggerdale
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.50.1074" = Opera 11.50
"Postal 2_is1" = Portal 2
"StarCraft II" = StarCraft II
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 17460" = Mass Effect
"Steam App 42910" = Magicka
"Warhammer Online: Age of Reckoning" = Warhammer Online: Age of Reckoning
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2011 06:45:56 | Computer Name = Urf | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AssassinsCreed_Dx10.exe, Version:
1.0.0.1, Zeitstempel: 0x47cf422d Name des fehlerhaften Moduls: AssassinsCreed_Dx10.exe,
Version: 1.0.0.1, Zeitstempel: 0x47cf422d Ausnahmecode: 0xc0000005 Fehleroffset: 
0x002c8518 ID des fehlerhaften Prozesses: 0xfc8 Startzeit der fehlerhaften Anwendung:
0x01cc3649b5939083 Pfad der fehlerhaften Anwendung: D:\Action\Assassin's Creed\AssassinsCreed_Dx10.exe
Pfad
des fehlerhaften Moduls: D:\Action\Assassin's Creed\AssassinsCreed_Dx10.exe Berichtskennung:
f7be5b80-a23c-11e0-bea4-907c2473a93d
 
Error - 29.06.2011 06:46:00 | Computer Name = Urf | Source = | ID = 0
Description = 
 
Error - 29.06.2011 06:46:00 | Computer Name = Urf | Source = | ID = 0
Description = 
 
Error - 29.06.2011 06:47:35 | Computer Name = Urf | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AssassinsCreed_Dx10.exe, Version:
1.0.0.1, Zeitstempel: 0x47cf422d Name des fehlerhaften Moduls: AssassinsCreed_Dx10.exe,
Version: 1.0.0.1, Zeitstempel: 0x47cf422d Ausnahmecode: 0xc0000005 Fehleroffset: 
0x002c8518 ID des fehlerhaften Prozesses: 0x954 Startzeit der fehlerhaften Anwendung:
0x01cc3649f0fcbe39 Pfad der fehlerhaften Anwendung: D:\Action\Assassin's Creed\AssassinsCreed_Dx10.exe
Pfad
des fehlerhaften Moduls: D:\Action\Assassin's Creed\AssassinsCreed_Dx10.exe Berichtskennung:
3257a8d4-a23d-11e0-bea4-907c2473a93d
 
Error - 29.06.2011 06:47:36 | Computer Name = Urf | Source = | ID = 0
Description = 
 
Error - 29.06.2011 06:47:36 | Computer Name = Urf | Source = | ID = 0
Description = 
 
Error - 29.06.2011 07:06:22 | Computer Name = Urf | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis64.exe, Version: 1.1.1.5767,
Zeitstempel: 0x471f96dc Name des fehlerhaften Moduls: CrySystem.dll, Version: 1.1.1.5767,
Zeitstempel: 0x471f9738 Ausnahmecode: 0xc000008f Fehleroffset: 0x00000000000850cc
ID
des fehlerhaften Prozesses: 0xe18 Startzeit der fehlerhaften Anwendung: 0x01cc364c8f78a10f
Pfad
der fehlerhaften Anwendung: D:\Shooter\Crysis\Bin64\Crysis64.exe Pfad des fehlerhaften
Moduls: D:\Shooter\Crysis\Bin64\CrySystem.dll Berichtskennung: d2268bbf-a23f-11e0-bea4-907c2473a93d
 
Error - 29.06.2011 07:07:28 | Computer Name = Urf | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis64.exe, Version: 1.1.1.5767,
Zeitstempel: 0x471f96dc Name des fehlerhaften Moduls: CrySystem.dll, Version: 1.1.1.5767,
Zeitstempel: 0x471f9738 Ausnahmecode: 0xc000008f Fehleroffset: 0x00000000000850cc
ID
des fehlerhaften Prozesses: 0x954 Startzeit der fehlerhaften Anwendung: 0x01cc364cb9b06278
Pfad
der fehlerhaften Anwendung: D:\Shooter\Crysis\Bin64\Crysis64.exe Pfad des fehlerhaften
Moduls: D:\Shooter\Crysis\Bin64\CrySystem.dll Berichtskennung: f9482398-a23f-11e0-bea4-907c2473a93d
 
Error - 29.06.2011 07:59:27 | Computer Name = Urf | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 29.06.2011 10:43:49 | Computer Name = Urf | Source = MsiInstaller | ID = 1013
Description = 
 
[ System Events ]
Error - 08.12.2009 14:45:46 | Computer Name = WIN-JCVD7GJJ512 | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---
Thanks in advance for the help.

Regards,
Calt

Alt 30.06.2011, 22:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
... lurking, or whether it was simply guessed (password too simple)
And how simple was the password? What length, which characters?

Alt 01.07.2011, 05:50   #3
Calt
 
Name + 123, aber das seltsame war das ich gestern morgen in SC2 war und am Abend halt nicht mehr zocken konnte, deswegen bin ich etwas stutzig
War nicht das Beste, ich weiß... aber ist es möglich das sie sowas mit Dictionary Attacks oder Bruteforce machen?

Edit: Malwarebytes hat in alle 3 Suchmodi nichts gefunden
__________________

Edited by Calt (01.07.2011 at 06:35). Reason: Addendum

01.07.2011, 09:32   #4
cosinus

Then the password was probably just too easy to guess...
__________________
Please always post log files in CODE tags

01.07.2011, 09:49   #5
Calt

Well then, I've changed it to something more complicated...

Thanks for the quick and helpful answer
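
The weakness this thread ends on, a password built from the account name plus a short number, is one a service or password manager can reject when the password is set. The check below is an added example, not part of the original thread; the word list, function names and sample values are constructed for illustration.

```python
import re

# Constructed sample; a real deployment would load a large breached-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "starcraft"}
# Undo simple look-alike substitutions (4 -> a, 0 -> o, ...).
LEET = str.maketrans("0134578@$!", "oieastbasi")
AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")

def core(text):
    """Strip leading/trailing digits and symbols, then lower-case and de-leet."""
    return AFFIX.sub("", text).lower().translate(LEET)

def name_tokens(account_name):
    """Words from the account name (local part only if it is an e-mail address)."""
    local = account_name.split("@")[0]
    return {core(t) for t in re.split(r"[\W_]+", local) if len(core(t)) >= 3}

def weak_reasons(password, account_name, min_length=12):
    """Return the reasons a password is guessable; an empty list means none found."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    pw_core = core(password)
    if not pw_core:
        reasons.append("digits/symbols only")
    elif pw_core in COMMON:
        reasons.append("common password")
    # Compare against both the stripped core and the fully de-leeted password,
    # so a substituted first or last character does not hide the name.
    forms = (pw_core, password.lower().translate(LEET))
    if any(tok in form for tok in name_tokens(account_name) for form in forms):
        reasons.append("derived from account name")
    return reasons

if __name__ == "__main__":
    for pw in ("Alice123", "4l1ce!2011", "correct horse battery staple"):
        print(repr(pw), weak_reasons(pw, "alice"))
```

An empty result only means none of these specific patterns matched; it is not a strength score.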

