Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Persistance durch Patch bekommen

Persistance durch Patch bekommen


Log-Analyse und Auswertung: Persistance durch Patch bekommen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.10.2011, 13:40   #1
DonSerious
 
Persistance durch Patch bekommen - Standard

Persistance durch Patch bekommen


Hallo,

ich habe einen Patch für Gothic 3 starten wollen aber leider war es ein getarnter Virus... die Datei war auch nicht sonderlich groß hätte mir eigentlich auffallen müssen. Naja ich konnte ihn erfolgreich 5 minuten später entfernen. wurde auch nur von MBAM als Malware erkannt. Leider musste ich ihn per Hand löschen.

hxxp://greatis.com/blog/how-to-remove-malware/persistance-exe.htm

ich habe das Lankabel getrennt und den beiden Dateien die Adminrechte gegeben, neugestartet und konnte alles löschen + Registryeinträge nachdem ich den obrigen Link gefunden hatte.
Könnte man bitte noch überprüfen ob der Rest sauber ist? ESET und MBAM haben nach aktualisierung und einem Vollscan nichts mehr gefunden.

OTL
Code:
ATTFilter
OTL logfile created on: 06.10.2011 14:27:17 - Run 5
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Markus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,62 Gb Available Physical Memory | 82,92% Memory free
15,96 Gb Paging File | 14,52 Gb Available in Paging File | 90,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 62,66 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
Drive D: | 552,15 Gb Total Space | 91,76 Gb Free Space | 16,62% Space Free | Partition Type: NTFS
Drive E: | 7,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.06 14:26:24 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2011.09.29 03:16:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.23 00:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.09.22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.14 07:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.05.05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.05.05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009.08.28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.10.02 16:07:14 | 000,176,128 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.09.29 03:16:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.09.28 00:37:29 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.23 00:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.28 18:58:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.05.14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.02 01:16:59 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.28 03:03:03 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.09.28 03:03:02 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.04.06 06:11:44 | 009,323,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.06 03:21:42 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.05.05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.05.05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008.03.26 15:55:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.03.26 15:55:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.03.26 15:55:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.08.08 09:31:16 | 000,034,336 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scramby_out.sys -- (scramby_out)
DRV:64bit: - [2007.06.01 18:37:00 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WG111Tvx.sys -- (WG111T)
DRV:64bit: - [2007.02.13 18:41:26 | 000,029,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scramby.sys -- (scramby)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 475640049
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 BC 2A 33 66 7D CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.useDBForOrder: true
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.02 02:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.04.27 20:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2011.10.01 12:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\jgn0wioz.default\extensions
[2011.10.01 01:34:01 | 000,002,563 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jgn0wioz.default\searchplugins\google-auf-gut-glck.xml
[2011.10.01 01:34:01 | 000,002,454 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jgn0wioz.default\searchplugins\google-deutschland.xml
[2011.08.08 02:12:54 | 000,002,330 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jgn0wioz.default\searchplugins\wowprogresscom.xml
[2011.10.05 14:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.05 14:26:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.27 23:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.24 23:20:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.02 02:20:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MARKUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JGN0WIOZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.02 02:16:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.02 02:16:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 02:16:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 02:16:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 02:16:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 02:16:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 02:16:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NCsoft]  File not found
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [updateswindows] C:\Users\Markus\AppData\Roaming\WindowsUpdates\winupdates.exe File not found
O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3451B1-3848-401C-A835-19810DB66043}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.06 18:33:09 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{acc8aca5-c03f-11e0-9e83-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{acc8aca5-c03f-11e0-9e83-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2006.01.10 15:49:24 | 000,492,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.05 14:42:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011.10.05 14:27:14 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2011.10.05 14:26:43 | 000,000,000 | --SD | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.10.05 14:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011.10.04 00:52:25 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\gothic3aa
[2011.10.02 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\gothic3
[2011.10.02 15:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
[2011.10.02 02:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.02 02:20:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.10.02 02:20:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.10.02 02:20:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.10.02 01:38:29 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\{2832E37A-99BE-4AE6-88E0-F6A6A0131632}
[2011.10.02 01:38:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\{179A18F5-3FF3-43C5-89EB-3EBF87D56B0C}
[2011.10.02 01:37:46 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.10.02 01:31:55 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\{FD6E79D5-D09E-4892-A151-DA9DD77F8D05}
[2011.10.02 01:19:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011.10.02 01:16:59 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.10.02 01:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.10.02 01:16:32 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools Lite
[2011.10.02 01:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.09.29 13:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.29 03:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.09.29 03:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.09.29 03:26:21 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.09.29 03:26:21 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.09.29 03:26:20 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.09.29 03:26:20 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.09.29 03:26:20 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011.09.29 03:26:20 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.09.29 03:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.09.29 03:21:58 | 024,796,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.09.29 03:21:58 | 024,743,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.09.29 03:21:58 | 018,870,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.09.29 03:21:58 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.09.29 03:21:58 | 015,688,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.09.29 03:21:58 | 013,200,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.09.29 03:21:58 | 008,930,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.09.29 03:21:58 | 007,580,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.09.29 03:21:58 | 007,183,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.09.29 03:21:58 | 005,576,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.09.29 03:21:58 | 002,808,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.09.29 03:21:58 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.09.29 03:21:58 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.09.29 03:21:58 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.09.29 03:21:58 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.09.29 03:21:58 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.09.29 03:21:58 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011.09.29 03:21:58 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011.09.29 03:21:58 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011.09.29 03:21:58 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011.09.29 03:21:58 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.09.29 03:21:58 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.09.29 03:21:58 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011.09.29 03:18:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Battlefield 3 Open Beta
[2011.09.29 03:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011.09.28 03:04:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Risen
[2011.09.27 13:22:54 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\FIFA 12
[2011.09.27 00:01:44 | 001,037,312 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\WG111Tvx.sys
[2011.09.27 00:01:44 | 000,043,328 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys
[2011.09.27 00:01:44 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
[2011.09.26 23:34:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011.09.26 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Witcher 2
[2011.09.26 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\The Witcher 2
[2011.09.26 14:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011.09.26 01:09:47 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\ArcaniA - Gothic 4
[2011.09.26 01:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4
[2011.09.25 23:28:25 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\{DBDCF523-3272-4238-B8A0-4CA13A9CBAFC}
[2011.09.21 14:47:37 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Eidos
[2011.09.21 14:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.09.21 14:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011.09.16 15:54:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Virtual Machines
[2011.09.16 15:48:04 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\VMware
[2011.09.16 15:47:31 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\VMware
[2011.09.16 15:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011.09.15 21:14:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011.09.15 20:48:41 | 000,000,000 | ---D | C] -- C:\Users\Markus\VirtualBox VMs
[2011.09.15 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\.VirtualBox
[2011.09.15 20:47:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.09.15 20:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011.09.12 15:47:00 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Xfire
[2011.09.12 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011.09.12 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011.09.12 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2011.09.11 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\NCSoft
[2011.09.11 15:08:31 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2011.09.11 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft
[2011.09.11 15:07:44 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\assembly
[2011.09.11 15:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2011.09.11 15:04:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\GetRightToGo
[2011.09.07 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\SCE
[2010.05.05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.05.05 19:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.06 14:23:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.06 14:23:02 | 2132,991,999 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.06 14:22:34 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx
[2011.10.06 14:22:34 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx
[2011.10.06 14:22:34 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx
[2011.10.06 14:22:13 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 14:22:13 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 04:32:25 | 001,651,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.06 04:32:25 | 000,710,036 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.06 04:32:25 | 000,663,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.06 04:32:25 | 000,154,422 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.06 04:32:25 | 000,126,618 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.06 03:25:05 | 000,294,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.05 14:27:45 | 000,001,239 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.10.03 02:18:18 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.10.03 02:18:18 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.02 01:16:59 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.10.01 13:09:47 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.09.30 18:05:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.09.29 03:16:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 03:03:03 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2011.09.28 03:03:02 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2011.09.27 02:43:43 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2011.09.27 02:43:43 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2011.09.27 02:10:24 | 000,000,267 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011.09.26 20:55:26 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.09.26 13:10:22 | 000,000,372 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011.09.23 19:57:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.23 00:41:00 | 024,796,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.09.23 00:41:00 | 024,743,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.09.23 00:41:00 | 018,870,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.09.23 00:41:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.09.23 00:41:00 | 015,688,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.09.23 00:41:00 | 013,200,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.09.23 00:41:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.09.23 00:41:00 | 008,930,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.09.23 00:41:00 | 007,580,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.09.23 00:41:00 | 007,183,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.09.23 00:41:00 | 005,576,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.09.23 00:41:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.09.23 00:41:00 | 003,074,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.09.23 00:41:00 | 002,808,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.09.23 00:41:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.09.23 00:41:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.09.23 00:41:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.09.23 00:41:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.09.23 00:41:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.09.23 00:41:00 | 001,533,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011.09.23 00:41:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011.09.23 00:41:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011.09.23 00:41:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.09.23 00:41:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.09.23 00:41:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.09.23 00:41:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.09.23 00:41:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.09.22 12:29:58 | 000,321,856 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.16 15:40:48 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011.09.16 15:40:36 | 001,679,256 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.05 14:27:45 | 000,001,239 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.09.29 03:21:58 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.09.28 03:03:03 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2011.09.28 03:03:02 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.16 15:40:48 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011.08.27 00:22:30 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.08.06 17:15:14 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.07.02 17:32:58 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2011.07.02 17:32:58 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2011.05.27 20:34:14 | 000,007,599 | ---- | C] () -- C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
[2011.04.30 21:46:15 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.30 21:46:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.30 21:46:13 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.04.27 20:54:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.27 20:51:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.27 20:31:50 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.04.27 20:31:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.04.27 20:31:31 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2011.04.27 20:22:56 | 001,679,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.01 19:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.05.05 20:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.05.05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.05.05 19:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.05.05 19:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.05.05 19:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 13:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe
[2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Users\Markus\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2011.04.29 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Acreon
[2011.07.02 17:45:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Avnex
[2011.10.02 02:22:36 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools Lite
[2011.10.06 04:06:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Firstload
[2011.09.11 15:08:05 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\GetRightToGo
[2011.06.25 16:07:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\go
[2011.09.27 19:00:13 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ
[2011.08.24 00:44:28 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ImgBurn
[2011.05.25 18:56:30 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\LG Electronics
[2011.05.20 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Lionhead Studios
[2011.07.05 00:49:37 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mp3DirectCut
[2011.10.05 14:27:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2011.07.21 00:45:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Origin
[2011.07.08 19:19:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Screaming Bee
[2011.04.27 20:43:50 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Trillian
[2011.10.06 03:38:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TS3Client
[2011.10.02 15:25:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\UseNeXT
[2011.08.05 13:07:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
OTL-Extras
Code:
ATTFilter
OTL Extras logfile created on: 06.10.2011 14:27:17 - Run 5
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Markus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,62 Gb Available Physical Memory | 82,92% Memory free
15,96 Gb Paging File | 14,52 Gb Available in Paging File | 90,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 62,66 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
Drive D: | 552,15 Gb Total Space | 91,76 Gb Free Space | 16,62% Space Free | Partition Type: NTFS
Drive E: | 7,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{058AF8C6-E4DE-4D91-9879-B72860E9F615}" = MorphVOX Pro
"{0AF6CFBC-02CB-4B7F-B71D-7B1DBE8A5E7B}" = LG PC Suite II
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 27
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C9E8E9-C54B-48C1-9192-F5D49633AB5D}" = Harry Potter und die Heiligtümer des Todes(TM) - Teil 2
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"ArcaniA" = ArcaniA - Gothic 4
"AudioCS" = Creative Audio-Systemsteuerung
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"EAX Unified" = EAX Unified
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.0" = ESN Sonar
"Firstload" = Firstload
"Fraps" = Fraps (remove only)
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Mafia Game" = Mafia Game
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Novo's Easy WoW Server 0.4.0.5" = Novo's Easy WoW Server 0.4.0.5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 19900" = Far Cry 2
"Steam App 220" = Half-Life 2
"Steam App 24200" = DC Universe Online
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 50130" = Mafia II
"Steam App 620" = Portal 2
"Steam App 6860" = Hitman: Blood Money
"Steam App 8190" = Just Cause 2
"Steam App 9880" = Champions Online: Free For All
"SysInfo" = Creative Systeminformationen
"Trillian" = Trillian
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"NCsoft-CityOfHeroesEU" = City of Heroes
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
ich bedanke mich

 

Themen zu Persistance durch Patch bekommen
5 minuten, 64-bit, adobe, adobe flash player, battlefield 3, bho, c:\windows\system32\rundll32.exe, call of duty, curse, error, explorer, firefox, flash player, format, google, grand theft auto, h.264/mpeg-4, helper, home, install.exe, installation, langs, launch, logfile, malware, microsoft security, monkey island, nvidia, nvidia update, object, opera, plug-in, programme, realtek, recuva, rundll, security, shell32.dll, shortcut, software, starten, teamspeak, version=1.0, virtualbox, webcheck, windows


« Google Suchergebnisse leiten falsch weiter | Rechner langsam, Systemunterbrechungen bei 42%, Security Essensials und ThreadFire finden nichts »


Ähnliche Themen: Persistance durch Patch bekommen


  1. D-Link-Patch ergänzt Sicherheitslücken durch neue Lücke
    Nachrichten - 15.04.2015 (0)
  2. Plus hd 3.8 weg bekommen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (15)
  3. Microsoft liefert Patch für den Patch
    Nachrichten - 24.04.2013 (0)
  4. autorun.inf und RECYCLER Wurm durch USB / SD Karte bekommen.
    Plagegeister aller Art und deren Bekämpfung - 07.06.2010 (2)
  5. Durch msn einen Virus bekommen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2009 (1)
  6. Patch von HTC für Smartphones
    Nachrichten - 20.07.2009 (0)
  7. PMS/Tool.HT Patch.A
    Log-Analyse und Auswertung - 12.03.2005 (9)
  8. M$ Patch-Night
    Alles rund um Windows - 14.02.2005 (8)
  9. MS Patch update
    Plagegeister aller Art und deren Bekämpfung - 20.08.2004 (13)
  10. IE Patch
    Alles rund um Windows - 05.07.2004 (5)
  11. patch kb828028
    Alles rund um Windows - 12.02.2004 (7)
  12. patch kb823980 ?
    Plagegeister aller Art und deren Bekämpfung - 23.01.2004 (23)
  13. Patch für XP
    Antiviren-, Firewall- und andere Schutzprogramme - 06.04.2003 (13)
  14. 320920 patch
    Alles rund um Windows - 16.02.2003 (4)
  15. Mircosoft Internet Explorer: Der Patch für den Patch
    Alles rund um Windows - 15.02.2003 (2)
  16. Probleme mit IE-Patch
    Alles rund um Windows - 08.02.2003 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Persistance durch Patch bekommen - Hallo, ich habe einen Patch für Gothic 3 starten wollen aber leider war es ein getarnter Virus... die Datei war auch nicht sonderlich groß hätte mir eigentlich auffallen müssen. Naja - Persistance durch Patch bekommen...
Archiv
Du betrachtest: Persistance durch Patch bekommen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131