Log analysis and evaluation: PING.exe 75% CPU usage, Trustedinstaller virus, trojan
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.11.2011, 22:46 | #1 |
Hello, I am new here in the forum. I now have the following problem: the process PING.exe is wasting 75% of the CPU, and when I end the process it comes back on its own, again and again, always the same game. I then clicked "open file location" because I wanted to delete this file, but I am not allowed to change anything about it, because a "user" named Trustedinstaller has taken the rights away from me. It has all the administrator rights and does not let me make changes to certain files. I would not even care if this one PING.exe process were not sucking away my gaming power. What can I do? P.S. I found a similar thread here and am currently letting Malwarebytes run a full scan.
26.11.2011, 13:32 | #2 |
The problem has been resolved, at least partly; I have here:
Code:
hxxp://www.unawave.de/windows-7-tipps/windows-mail.html
26.11.2011, 15:43 | #3 |
/// Malware-holic
Hi,
well, deleting this file does not solve your problem. You probably have malware on the system and have only removed a symptom, nothing more. Open Malwarebytes and post me all the logs, which can be found under the log files tab. Please download OTL by OldTimer and save it to your desktop (if it is not already there).
27.11.2011, 00:02 | #4 |
Hello, thanks for your willingness to help me. OTL is scanning right now; after this scan Malwarebytes spat out the following log file:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8239

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25.11.2011 20:27:00
mbam-log-2011-11-25 (20-27-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 188371
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 14

Infizierte Speicherprozesse:
c:\Windows\Temp\uvtkcq\setup.exe (Trojan.Zbot.CBCGen) -> 4036 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Nico\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Nico\m-1-80-5270-5785-5250 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\Temp\uvtkcq\setup.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\0170687.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\0652339.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\1680557.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\2531147.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\3106637.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\4730026.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\7112958.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\7515454.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\8513439.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\8531509.exe (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\Windows\Temp\wbvdth\setup.exe (Trojan.Email) -> Quarantined and deleted successfully.
c:\Users\Nico\downloads\img04854912.jpg (Trojan.Fakealert) -> Quarantined and deleted successfully.
c:\Windows\musiccitydoownload.exe (Trojan.Agent) -> Quarantined and deleted successfully.

The OTL result is coming shortly.
OTL Logfile:
Code:
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{355b17b3-9c25-11e0-8513-001f3f085673}\Shell - "" = AutoRun O33 - MountPoints2\{355b17b3-9c25-11e0-8513-001f3f085673}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{5aa299e9-787f-11e0-a515-001f3f085673}\Shell - "" = AutoRun O33 - MountPoints2\{5aa299e9-787f-11e0-a515-001f3f085673}\Shell\AutoRun\command - "" = M:\pushinst.exe O33 - MountPoints2\{9521e698-6ea6-11e0-a3fa-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9521e698-6ea6-11e0-a3fa-806e6f6e6963}\Shell\AutoRun\command - "" = H:\BlueBirds.exe O33 - MountPoints2\{dd2488de-d320-11e0-b877-001f3f085673}\Shell - "" = AutoRun O33 - MountPoints2\{dd2488de-d320-11e0-b877-001f3f085673}\Shell\AutoRun\command - "" = H:\BlueBirds.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.26 23:58:36 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.11.26 09:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.26 09:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.26 09:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.25 23:33:14 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.11.25 23:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.11.25 23:33:12 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Notepad++ [2011.11.25 
23:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2011.11.25 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Java [2011.11.25 22:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012 [2011.11.25 22:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.11.25 22:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2011.11.25 22:49:45 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.11.25 20:19:11 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Malwarebytes [2011.11.25 20:19:03 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.20 09:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.20 08:33:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.12 14:01:14 | 002,089,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplUI.exe [2011.11.12 14:01:14 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFC71.dll [2011.11.12 14:01:14 | 001,071,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplUIR.dll [2011.11.12 14:01:14 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp71.dll [2011.11.12 14:01:14 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr71.dll [2011.11.12 14:01:14 | 000,410,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.cpl [2011.11.12 14:01:14 | 000,388,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvexpBar.dll [2011.11.12 14:00:59 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\NVIDIA Corporation [2011.11.12 13:56:16 | 000,501,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE [2011.11.12 13:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab 
[2011.11.02 16:10:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.11.01 15:09:00 | 000,000,000 | ---D | C] -- C:\Users\Nico\Desktop\Desktop [2011.11.01 15:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings [2011.11.01 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2011.11.01 13:17:36 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2011.11.01 13:17:36 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2011.11.01 13:17:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2011.11.01 13:17:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2011.11.01 13:17:36 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2011.11.01 13:17:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2011.11.01 13:17:33 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2011.11.01 13:17:33 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2011.11.01 13:17:30 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2011.11.01 13:17:30 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2011.11.01 13:17:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2011.11.01 13:17:29 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2011.11.01 13:17:28 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2011.11.01 13:17:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2011.11.01 13:17:26 | 005,554,512 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dcsx_42.dll [2011.11.01 13:17:26 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2011.11.01 13:17:26 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2011.11.01 13:17:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2011.11.01 13:17:25 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2011.11.01 13:17:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2011.11.01 13:17:22 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2011.11.01 13:17:22 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2011.11.01 13:17:21 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2011.11.01 13:17:21 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2011.11.01 13:17:21 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2011.11.01 13:17:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2011.11.01 13:17:20 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2011.11.01 13:17:20 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2011.11.01 13:17:19 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2011.11.01 13:17:19 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2011.11.01 13:17:19 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2011.11.01 13:17:19 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2011.11.01 13:17:19 | 000,073,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAPOFX1_3.dll [2011.11.01 13:17:19 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2011.11.01 13:17:18 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2011.11.01 13:17:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2011.11.01 13:17:17 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2011.11.01 13:17:17 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2011.11.01 13:17:17 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2011.11.01 13:17:17 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2011.11.01 13:17:15 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2011.11.01 13:17:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2011.11.01 13:17:15 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2011.11.01 13:17:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2011.11.01 13:17:15 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2011.11.01 13:17:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2011.11.01 13:17:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2011.11.01 13:17:14 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2011.11.01 13:17:14 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2011.11.01 13:17:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2011.11.01 13:17:13 | 000,513,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAudio2_2.dll [2011.11.01 13:17:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2011.11.01 13:17:13 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2011.11.01 13:17:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2011.11.01 13:17:12 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2011.11.01 13:17:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2011.11.01 13:17:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2011.11.01 13:17:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2011.11.01 13:17:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2011.11.01 13:17:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2011.11.01 13:17:10 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2011.11.01 13:17:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2011.11.01 13:17:10 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2011.11.01 13:17:10 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2011.11.01 13:17:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2011.11.01 13:17:10 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2011.11.01 13:17:10 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2011.11.01 13:17:10 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2011.11.01 13:17:09 | 001,941,528 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\D3DCompiler_38.dll [2011.11.01 13:17:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2011.11.01 13:17:09 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2011.11.01 13:17:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2011.11.01 13:17:09 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2011.11.01 13:17:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2011.11.01 13:17:08 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2011.11.01 13:17:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2011.11.01 13:17:07 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2011.11.01 13:17:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2011.11.01 13:17:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2011.11.01 13:17:07 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2011.11.01 13:17:07 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2011.11.01 13:17:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2011.11.01 13:17:02 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2011.11.01 13:17:02 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2011.11.01 13:17:02 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2011.11.01 13:17:02 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2011.11.01 13:17:01 | 004,910,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\D3DX9_37.dll [2011.11.01 13:17:01 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2011.11.01 13:17:00 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2011.11.01 13:17:00 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2011.11.01 13:16:59 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2011.11.01 13:16:59 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2011.11.01 13:16:59 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2011.11.01 13:16:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2011.11.01 13:16:58 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2011.11.01 13:16:58 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2011.11.01 13:16:58 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2011.11.01 13:16:58 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2011.11.01 13:16:57 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2011.11.01 13:16:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2011.11.01 13:16:57 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2011.11.01 13:16:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2011.11.01 13:16:55 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2011.11.01 13:16:55 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2011.11.01 13:16:55 | 000,409,960 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine2_8.dll [2011.11.01 13:16:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2011.11.01 13:16:55 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2011.11.01 13:16:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2011.11.01 13:16:54 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2011.11.01 13:16:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2011.11.01 13:16:54 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2011.11.01 13:16:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2011.11.01 13:16:52 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2011.11.01 13:16:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2011.11.01 13:16:52 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2011.11.01 13:16:52 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2011.11.01 13:16:51 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2011.11.01 13:16:51 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2011.11.01 13:16:50 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2011.11.01 13:16:50 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2011.11.01 13:16:50 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2011.11.01 13:16:50 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2011.11.01 13:16:48 | 004,494,184 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx9_33.dll [2011.11.01 13:16:48 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2011.11.01 13:16:48 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2011.11.01 13:16:48 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2011.11.01 13:16:47 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2011.11.01 13:16:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2011.11.01 13:16:47 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2011.11.01 13:16:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2011.11.01 13:16:46 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2011.11.01 13:16:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2011.11.01 13:16:46 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2011.11.01 13:16:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2011.11.01 13:16:46 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2011.11.01 13:16:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2011.11.01 13:16:45 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2011.11.01 13:16:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2011.11.01 13:16:44 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2011.11.01 13:16:44 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2011.11.01 13:16:44 | 000,083,736 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xinput1_2.dll [2011.11.01 13:16:44 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2011.11.01 13:16:43 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2011.11.01 13:16:43 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2011.11.01 13:16:42 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2011.11.01 13:16:42 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2011.11.01 13:16:41 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2011.11.01 13:16:41 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2011.11.01 13:16:35 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2011.11.01 13:16:35 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2011.11.01 13:16:34 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2011.11.01 13:16:34 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2011.11.01 13:16:34 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2011.11.01 13:16:34 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2011.11.01 13:16:33 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2011.11.01 13:16:33 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2011.11.01 13:16:31 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2011.11.01 13:16:31 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2011.11.01 13:16:30 | 003,807,440 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx9_27.dll [2011.11.01 13:16:30 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2011.11.01 13:16:28 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2011.11.01 13:16:28 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2011.11.01 13:16:26 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2011.11.01 13:16:26 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2011.11.01 13:16:25 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2011.11.01 13:16:25 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2011.11.01 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\CrashDumps [2011.10.31 11:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2011.10.30 23:44:16 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Windows SideBar [2011.10.30 22:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.10.30 22:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.10.30 22:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2011.10.30 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.10.30 22:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011.10.30 22:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2011.10.30 22:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2011.10.29 12:57:28 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\ESN Sonar [2011.10.29 12:36:50 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011.10.29 10:47:39 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.10.29 10:47:39 | 018,871,616 | ---- | C] 
(NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.10.29 10:47:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.10.29 10:47:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.10.29 10:47:38 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.10.29 10:47:38 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.10.29 10:47:38 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011.10.29 10:47:38 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.10.29 10:47:38 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.10.29 10:47:38 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.10.29 10:47:38 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.10.29 10:47:38 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.10.29 10:47:38 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.10.28 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\Nico\Documents\Battlefield 3 [2011.10.28 20:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2011.10.28 18:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2011.10.28 18:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.26 23:58:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.11.26 23:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At48.job [2011.11.26 23:55:00 | 000,000,356 | ---- | M] () -- 
C:\Windows\tasks\At47.job [2011.11.26 23:16:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.26 22:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At46.job [2011.11.26 22:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At45.job [2011.11.26 21:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At44.job [2011.11.26 21:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At43.job [2011.11.26 20:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At42.job [2011.11.26 20:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At41.job [2011.11.26 19:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At40.job [2011.11.26 19:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At39.job [2011.11.26 18:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At38.job [2011.11.26 18:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At37.job [2011.11.26 17:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At36.job [2011.11.26 17:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At35.job [2011.11.26 16:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At34.job [2011.11.26 16:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At33.job [2011.11.26 15:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At32.job [2011.11.26 15:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At31.job [2011.11.26 14:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At30.job [2011.11.26 14:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At29.job [2011.11.26 14:00:16 | 000,007,669 | ---- | M] () -- C:\Users\Nico\AppData\Local\Resmon.ResmonCfg [2011.11.26 13:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At28.job [2011.11.26 13:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At27.job [2011.11.26 12:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At26.job [2011.11.26 12:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At25.job [2011.11.26 11:55:00 | 000,000,358 | 
---- | M] () -- C:\Windows\tasks\At24.job [2011.11.26 11:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At23.job [2011.11.26 11:16:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.26 10:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At22.job [2011.11.26 10:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At21.job [2011.11.26 10:14:44 | 000,000,186 | -HS- | M] () -- C:\Windows\KLIF.spi [2011.11.26 09:56:57 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2011.11.26 09:56:39 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2011.11.26 09:55:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At20.job [2011.11.26 09:55:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At19.job [2011.11.26 09:53:27 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.26 09:42:58 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.26 09:42:58 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.26 09:35:01 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2011.11.26 09:34:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.26 09:34:45 | 3219,251,200 | -HS- | M] () -- C:\hiberfil.sys [2011.11.25 23:19:23 | 000,000,032 | ---- | M] () -- C:\Users\Nico\AppData\Roaming\logfile [2011.11.25 23:12:04 | 000,017,408 | ---- | M] () -- C:\Users\Nico\AppData\Local\WebpageIcons.db [2011.11.25 22:49:45 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At8.job [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At6.job [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At4.job 
[2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At2.job [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At18.job [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At16.job [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At14.job [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At12.job [2011.11.25 20:29:33 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At10.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At9.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At3.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At17.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At15.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At13.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At11.job [2011.11.25 20:29:33 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At1.job [2011.11.25 20:04:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\1X42Ij4OA.com.b [2011.11.25 20:04:36 | 000,000,112 | ---- | M] () -- C:\ProgramData\DoWtEc611.dat [2011.11.25 20:04:35 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\1X42Ij4OA.com_ [2011.11.20 14:16:48 | 000,002,373 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.11.20 08:46:32 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.11.20 08:46:32 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.20 08:45:26 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.11.20 08:33:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.13 12:27:09 | 000,002,563 | ---- | M] () -- C:\Windows\diagwrn.xml [2011.11.13 
12:27:09 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2011.11.11 20:03:02 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2011.11.05 11:48:49 | 000,001,315 | ---- | M] () -- C:\Users\Nico\Desktop\Norton-Installationsdateien.lnk [2011.10.31 11:08:24 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011.10.31 11:08:23 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2011.10.31 11:07:58 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2011.10.31 11:07:35 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2011.10.31 11:07:35 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2011.10.31 11:07:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2011.10.30 22:43:40 | 000,004,878 | ---- | M] () -- C:\Users\Nico\Documents\cc_20111030_224337.reg [2011.10.30 22:43:23 | 000,119,962 | ---- | M] () -- C:\Users\Nico\Documents\cc_20111030_224317.reg [2011.10.30 22:32:55 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.10.30 22:15:48 | 000,015,678 | ---- | M] () -- C:\ProgramData\1320009346.bdinstall.bin [2011.10.30 22:15:27 | 000,015,678 | ---- | M] () -- C:\ProgramData\1320009320.bdinstall.bin [2011.10.30 22:13:31 | 000,092,619 | ---- | M] () -- C:\ProgramData\1320009186.bdinstall.bin [2011.10.30 21:51:15 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.30 21:51:15 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.30 21:51:15 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.30 21:51:15 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.30 21:51:15 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.28 20:13:40 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2011.10.28 20:13:15 | 
000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.26 10:02:37 | 000,000,186 | -HS- | C] () -- C:\Windows\KLIF.spi [2011.11.26 09:53:27 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 23:19:23 | 000,000,032 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\logfile [2011.11.25 23:12:03 | 000,017,408 | ---- | C] () -- C:\Users\Nico\AppData\Local\WebpageIcons.db [2011.11.25 22:51:30 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2011.11.25 22:51:30 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2011.11.25 20:04:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\1X42Ij4OA.com.b [2011.11.25 20:01:50 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At48.job [2011.11.25 20:01:50 | 000,000,112 | ---- | C] () -- C:\ProgramData\DoWtEc611.dat [2011.11.25 20:01:49 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At46.job [2011.11.25 20:01:49 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At44.job [2011.11.25 20:01:49 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At42.job [2011.11.25 20:01:49 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At40.job [2011.11.25 20:01:49 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At47.job [2011.11.25 20:01:49 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At45.job [2011.11.25 20:01:49 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At43.job [2011.11.25 20:01:49 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At41.job [2011.11.25 20:01:48 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At38.job [2011.11.25 20:01:48 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At36.job [2011.11.25 20:01:48 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At39.job [2011.11.25 20:01:48 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At37.job [2011.11.25 20:01:48 | 000,000,356 | ---- | 
C] () -- C:\Windows\tasks\At35.job [2011.11.25 20:01:47 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At34.job [2011.11.25 20:01:47 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At32.job [2011.11.25 20:01:47 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At30.job [2011.11.25 20:01:47 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At28.job [2011.11.25 20:01:47 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At26.job [2011.11.25 20:01:47 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At33.job [2011.11.25 20:01:47 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At31.job [2011.11.25 20:01:47 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At29.job [2011.11.25 20:01:47 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At27.job [2011.11.25 20:01:47 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At25.job [2011.11.25 20:01:46 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At24.job [2011.11.25 20:01:46 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At22.job [2011.11.25 20:01:46 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At20.job [2011.11.25 20:01:46 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At23.job [2011.11.25 20:01:46 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At21.job [2011.11.25 20:01:46 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At19.job [2011.11.25 20:01:45 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At18.job [2011.11.25 20:01:45 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At16.job [2011.11.25 20:01:45 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At14.job [2011.11.25 20:01:45 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At12.job [2011.11.25 20:01:45 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At10.job [2011.11.25 20:01:45 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At17.job [2011.11.25 20:01:45 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At15.job [2011.11.25 20:01:45 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At13.job [2011.11.25 20:01:45 | 000,000,356 | ---- | C] () -- 
C:\Windows\tasks\At11.job [2011.11.25 20:01:44 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At8.job [2011.11.25 20:01:44 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At9.job [2011.11.25 20:01:43 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\1X42Ij4OA.com_ [2011.11.25 20:01:43 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At6.job [2011.11.25 20:01:43 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At4.job [2011.11.25 20:01:43 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At2.job [2011.11.25 20:01:43 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At7.job [2011.11.25 20:01:43 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At5.job [2011.11.25 20:01:43 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At3.job [2011.11.25 20:01:43 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\At1.job [2011.11.13 12:26:57 | 000,002,563 | ---- | C] () -- C:\Windows\diagwrn.xml [2011.11.13 12:26:57 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2011.11.02 15:46:28 | 000,001,315 | ---- | C] () -- C:\Users\Nico\Desktop\Norton-Installationsdateien.lnk [2011.10.31 11:08:24 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2011.10.31 11:08:23 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2011.10.30 22:43:39 | 000,004,878 | ---- | C] () -- C:\Users\Nico\Documents\cc_20111030_224337.reg [2011.10.30 22:43:20 | 000,119,962 | ---- | C] () -- C:\Users\Nico\Documents\cc_20111030_224317.reg [2011.10.30 22:32:48 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.10.30 22:15:48 | 000,015,678 | ---- | C] () -- C:\ProgramData\1320009346.bdinstall.bin [2011.10.30 22:15:27 | 000,015,678 | ---- | C] () -- C:\ProgramData\1320009320.bdinstall.bin [2011.10.30 22:13:31 | 000,092,619 | ---- | C] () -- C:\ProgramData\1320009186.bdinstall.bin [2011.10.28 18:52:39 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2011.09.17 11:19:13 | 002,434,856 | ---- | C] () -- 
C:\Windows\SysWow64\pbsvc_bc2.exe [2011.09.13 10:54:50 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.09.07 19:16:24 | 000,000,132 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.09.02 15:21:57 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll [2011.08.21 18:22:53 | 000,000,000 | ---- | C] () -- C:\Users\Nico\AppData\Local\{A74B35F8-58AC-487D-9576-16F338C32A26} [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.07.21 15:34:56 | 000,000,092 | ---- | C] () -- C:\Users\Nico\AppData\Local\fusioncache.dat [2011.07.20 21:08:28 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.20 20:46:20 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.06.04 13:46:36 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2011.05.13 17:49:26 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.13 17:49:24 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.12 20:23:00 | 000,003,584 | ---- | C] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.30 10:09:40 | 000,007,669 | ---- | C] () -- C:\Users\Nico\AppData\Local\Resmon.ResmonCfg [2011.01.29 16:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 16:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.01.29 16:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.01.29 16:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.01.29 16:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.04.12 20:53:37 | 000,027,870 | R--- | C] () -- C:\Users\Nico\AppData\Roaming\nvModes.dat.egisenc [2010.04.12 20:53:37 | 000,027,870 | R--- | C] () -- C:\Users\Nico\AppData\Roaming\nvModes.001.egisenc [2010.04.12 20:53:37 | 000,022,456 | R--- | C] () -- 
C:\Users\Nico\AppData\Roaming\PnkBstrK.sys.egisenc
[2010.04.12 20:53:13 | 000,287,602 | R--- | C] () -- C:\Users\Nico\AppData\Local\vvfltt_nav.dat.egisenc
[2010.04.12 20:53:13 | 000,003,146 | R--- | C] () -- C:\Users\Nico\AppData\Local\vvfltt.dat.egisenc
[2010.04.12 20:53:13 | 000,000,459 | R--- | C] () -- C:\Users\Nico\AppData\Local\vvfltt_navps.dat.egisenc
[2010.04.12 20:53:13 | 000,000,212 | R--- | C] () -- C:\Users\Nico\AppData\Local\vvfltt.bat.egisenc
[2010.04.12 20:48:54 | 000,074,936 | R--- | C] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.egisenc
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 1335 bytes -> C:\Users\Nico\AppData\Local\qHAv91Chm:ewrAQvTLVhwBib7ASHulHjts
@Alternate Data Stream - 1195 bytes -> C:\Users\Nico\AppData\Local\mnalx6Z2s:bwt70X20Oc3IYOt6bfr9T4w9jubVN
@Alternate Data Stream - 1119 bytes -> C:\Users\Nico\AppData\Local\plMwKtl8:Ki49ofuz1MQSrA30

< End of report > |
27.11.2011, 00:12 | #5 |
| OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 26.11.2011 23:57:42 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nico\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,52% Memory free
7,99 Gb Paging File | 5,46 Gb Available in Paging File | 68,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 303,63 Gb Total Space | 35,40 Gb Free Space | 11,66% Space Free | Partition Type: NTFS
Drive D: | 150,47 Gb Total Space | 0,70 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
Drive F: | 4,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 477,40 Gb Total Space | 3,71 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Drive I: | 881,45 Gb Total Space | 367,49 Gb Free Space | 41,69% Space Free | Partition Type: NTFS
Drive M: | 931,44 Gb Total Space | 470,78 Gb Free Space | 50,54% Space Free | Partition Type: NTFS
Drive N: | 50,00 Gb Total Space | 50,00 Gb Free Space | 100,00% Space Free | Partition Type: exFAT

Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64) "{38B4E24E-4F6E-4A6C-A414-F956FC35F376}" = NVIDIA CUDA Toolkit v4.0 (64 bit) "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A423B3FB-C9E6-4953-9A83-2A5F45CAF466}" = Microsoft SQL Server Compact 3.5 SP1 x64 繁體中文 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install 
Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes "{B78FE253-3F06-4771-6F51-3099C0935426}" = AMD Catalyst Install Manager "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "5D9817CE83DD092EB8923949297A94C53A0A27CF" = Windows Driver Package - ACER Incorporated (qcusbser) Ports (08/16/2010 2.0.6.6) "637F4A11ADE9B1B3D8F4A37C0C4CA8EA924B739E" = Windows Driver Package - Linux Developer Community Net (08/16/2010 5.1.2600.2781) "83E7AE861B9BCCB05F7AA822F9EE26C0672E6888" = Windows Driver Package - Acer, Inc (androidusb) USB (08/16/2010 1.0.0010.00000) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "D149DB73BE02E748657C63CBB404510E56E08F63" = Windows Driver Package - ACER Incorporated (qcusbser) Modem (08/16/2010 2.0.6.6) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "TeraCopy_is1" = TeraCopy 2.12 "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0BE37B03-93EF-4B46-A4F3-30ED22569D1A}" = Microsoft SQL Server Compact 3.5 SP1 繁體中文 "{0D05B9E1-62B2-4274-96B1-57827B073EAD}" = Audials "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help 
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1B2626EF-067B-4A9B-9104-85BA8B43CA09}" = SafeGuard® PrivateCrypto 2.11.1 - Unlicensed Version "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FA08A70-6E60-4E06-90B6-7B96A741E9E0}" = Acer Sync "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0822.1 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™ "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX "{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility "{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = 
RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 
2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars(TM) Worldbuilder "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AVMWLANCLI" = AVM FRITZ!WLAN "Badaboom2" = Badaboom 2.0.0.128 "Battlelog Web Plugins" = Battlelog Web Plugins "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "Cities XL 2011" = Cities XL 2011 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "conduitEngine" = Conduit Engine "DAEMON Tools Pro" = DAEMON Tools Pro "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition "eMule Razorback 3" = eMule Razorback 
3 "ESN Sonar-0.70.4" = ESN Sonar "EUcasino" = EUcasino "Fraps" = Fraps "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "MegaTrainer XL_is1" = MegaTrainer XL V1.5.8.0 "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "RailWorks 2_is1" = RailWorks 2 "RealPlayer 12.0" = RealPlayer "SaveVid Plug-in" = SaveVid Plug-in "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "SystemRequirementsLab" = System Requirements Lab "Test Drive Unlimited 2_is1" = Test Drive Unlimited 2 "Trainz Simulator 12_is1" = Trainz Simulator 12 "uTorrent" = µTorrent "uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar "VLC media player" = VLC media player 1.1.10 "vReveal 3" = vReveal 3 "ZOTAC FireStorm" = ZOTAC FireStorm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Monopoly Deluxe" = Monopoly Deluxe ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.11.2011 08:42:28 | Computer Name = Nico-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde 
beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d70 Startzeit: 01cca2017a2e1c56 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: edabc4e7-0df4-11e1-a5dd-001f3f085673 Error - 20.11.2011 03:33:34 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f315 ID des fehlerhaften Prozesses: 0x10e8 Startzeit der fehlerhaften Anwendung: 0x01cca756b46055a8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Berichtskennung: f357bfce-1349-11e1-849e-001f3f085673 Error - 20.11.2011 03:45:39 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel: 0x4e9d3315 Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel: 0x4e9d3315 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001c6ec ID des fehlerhaften Prozesses: 0x82c Startzeit der fehlerhaften Anwendung: 0x01cca7585388b125 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Electronic Arts\Battlefield 3\bf3.exe Berichtskennung: a3b45e63-134b-11e1-849e-001f3f085673 Error - 20.11.2011 07:49:34 | Computer Name = Nico-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". 
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.11.2011 14:55:09 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f315 ID des fehlerhaften Prozesses: 0x111c Startzeit der fehlerhaften Anwendung: 0x01ccaba3be529603 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Berichtskennung: fee6cb00-1796-11e1-b141-001f3f085673 Error - 25.11.2011 15:31:46 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f315 ID des fehlerhaften Prozesses: 0x13e4 Startzeit der fehlerhaften Anwendung: 0x01ccaba8ddb83d18 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Berichtskennung: 1c2cbb8f-179c-11e1-9906-001f3f085673 Error - 25.11.2011 18:59:59 | Computer Name = Nico-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 13f4 Startzeit: 01ccabc40f399c2d Endzeit: 135 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: 3129b0c3-17b9-11e1-9906-001f3f085673 Error - 26.11.2011 04:37:36 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f315 ID des fehlerhaften Prozesses: 0x838 Startzeit der fehlerhaften Anwendung: 0x01ccac169cf398d8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Berichtskennung: e420018d-1809-11e1-8b21-001f3f085673 Error - 26.11.2011 04:53:32 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.51.0.1118, Zeitstempel: 0x4e5e8e67 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x4c4b4a49 ID des fehlerhaften Prozesses: 0x178c Startzeit der fehlerhaften Anwendung: 0x01ccac18de050504 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1db3dfb4-180c-11e1-8b21-001f3f085673 Error - 26.11.2011 11:02:59 | Computer Name = Nico-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
[ Media Center Events ] Error - 22.05.2011 07:25:11 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 13:25:11 - Fehler beim Herstellen der Internetverbindung. 13:25:11 - Serververbindung konnte nicht hergestellt werden.. Error - 22.05.2011 07:25:22 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 13:25:16 - Fehler beim Herstellen der Internetverbindung. 13:25:16 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2011 07:01:09 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 13:01:09 - Fehler beim Herstellen der Internetverbindung. 13:01:09 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2011 07:01:20 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 13:01:14 - Fehler beim Herstellen der Internetverbindung. 13:01:14 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2011 08:01:24 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 14:01:24 - Fehler beim Herstellen der Internetverbindung. 14:01:24 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2011 08:01:30 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 14:01:29 - Fehler beim Herstellen der Internetverbindung. 14:01:29 - Serververbindung konnte nicht hergestellt werden.. Error - 24.06.2011 07:51:29 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 13:51:29 - Fehler beim Herstellen der Internetverbindung. 13:51:29 - Serververbindung konnte nicht hergestellt werden.. Error - 24.06.2011 07:51:40 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 13:51:34 - Fehler beim Herstellen der Internetverbindung. 13:51:34 - Serververbindung konnte nicht hergestellt werden.. Error - 30.10.2011 07:59:16 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 12:59:16 - Fehler beim Herstellen der Internetverbindung. 12:59:16 - Serververbindung konnte nicht hergestellt werden.. 
Error - 30.10.2011 07:59:25 | Computer Name = Nico-PC | Source = MCUpdate | ID = 0 Description = 12:59:21 - Fehler beim Herstellen der Internetverbindung. 12:59:21 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 25.11.2011 14:47:55 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 25.11.2011 14:48:00 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:48:05 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:48:05 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:48:11 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:49:38 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:49:38 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:49:38 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:49:42 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.11.2011 14:49:42 | Computer Name = Nico-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. 
< End of report > |
27.11.2011, 11:35 | #6 |
/// Malware-holic | PING.exe 75% load, Trustedinstaller virus, trojan Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it on your desktop. |
02.12.2011, 23:19 | #7 |
| PING.exe 75% load, Trustedinstaller virus, trojan This Combofix thing has turned my whole PC upside down: no program runs anymore, and all settings are gone after a restart. The restore point doesn't work because the message comes up: no access... what now?? |
03.12.2011, 16:20 | #8 |
/// Malware-holic | PING.exe 75% load, Trustedinstaller virus, trojan Restart and post combofix.txt for me; let's see what the log shows. |
04.12.2011, 00:18 | #9 |
| PING.exe 75% load, Trustedinstaller virus, trojan Code:
ATTFilter ComboFix 11-12-02.02 - Nico 02.12.2011 22:41:37.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4093.2289 [GMT 1:00] ausgeführt von:: c:\users\Nico\Downloads\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml c:\users\Nico\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll c:\users\Nico\AppData\Roaming\.# c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\-Wirklich erst 16 Jahre alt realy 16 years old - chwanz auto car r@ygold childlover kinderficker porno paris hilton pamella.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\~WRD0003 (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\~WRD0003 (3).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\~WRD0003 (4).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\~WRD0003.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\042-coldplay_-_viva_la_vida-ministry.mp3.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\136 XXX porno russian lolita (3).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\2 Fast 2 Furious deutsch (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\6.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\backen.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Backen2.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Bilder.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\BOOTEX.LOG.lnk.egisenc 
c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Braten (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\braten (3).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Braten.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Cheats.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\CIMG1492.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\corvette nfsc (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\corvette nfsc.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\data.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Die_Luftbrücke_(Nur_Der_Himmel_War_Frei)_[found-on-www-bitreactor-to].torrent.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\diff_normal (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\diff_normal.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Dok1.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Dok2.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Dokument22.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\emails.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Englisch hotel presentation (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Englisch hotel presentation.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Ey Mann wo is mein Auto [german].mp4.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\facharbeit in KFO (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Facharbeit in KFO (3).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\facharbeit in KFO.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\German_Global (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\German_Global (3).lnk.egisenc 
c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\German_Global.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Grillen (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\grillen.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\HD Lamborghini LP560-4 Gallardo vs BMW M5 E60 50-300 km h = M5BOARD.com.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\heim.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Hoi und bisch fit.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Il Santo Graal.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\ital referat.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\ital referat=).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\kevin rudolf feat. lil wayne - let it rock (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\kevin rudolf feat. lil wayne - let it rock (3).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\kevin rudolf feat. lil wayne - let it rock (4).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\kevin rudolf feat. 
lil wayne - let it rock.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\key.docx (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\key.docx.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\KINGSTON (F).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Lamborghini Gallardo LP 560-4.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Lamborghini Gallardo LP560-4 - GRIP Teil1.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Lamborghini Gallardo Superleggera Video - MyVideo.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Lamborghini Murcielago 219mph (355km h) in HD.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Lamborghini Murcielago LP640 test drive music video.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\LANGUAGES.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Led Zeppelin - Stairway to haven.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\mausi.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\MEGGILE (F).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Meine Foto.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Meine Micha.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\menschen.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Mission Infrittable.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\n509223227_1009860_1593.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\netgear wireless password.txt.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Neuer Ordner.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Neues Bild (1).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Neues Bild (3).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Neues Bild (4).lnk.egisenc 
c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Neues Bild.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Operation_Air_Assault_2_-_NoCD_Patch.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\passwörter im überblick.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\persönlich.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Proof.de.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Proof.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\proxy.spele[1].lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Queensberry - No Smoke [OFFCIAL MUSIC VIDEO LYRICS].lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\R.E.M. Losing My Religion.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\README (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\README (3).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\README (4).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\README (5).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Readme.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\RealPlayer-Downloads.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\reamonn - supergirl.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\rhianna ft justin timberlake-rheab o.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\san andreas cheats.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\sandras.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\schöneben.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\schmoren.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Schule Nico.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Schule.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Sepp 
Messner.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Service Vortrag.pptx (2).lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Service Vortrag.pptx.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\shutdown.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\sr-oaa2.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Staiway to heaven bearbeitet.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Suchergebnisse in Computer.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Sulden.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\ultimate-gaming-pc-783832.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\verdauung.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Videos.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Was ist das Lieblingsessen von Emos.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Wichtig.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\wichtig2.lnk.egisenc c:\users\Nico\AppData\Roaming\Microsoft\Windows\Recent\Witze.lnk.egisenc c:\users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\iqwjc4zy.default\searchplugins\SearchquWebSearch.xml c:\users\Nico\vlc-1.1.10-win32.exe c:\windows\System64 c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\system32 c:\windows\SysWow64\system32\3DAudio.ax c:\windows\SysWow64\system32\avrt.dll c:\windows\SysWow64\system32\cis-2.4.dll c:\windows\SysWow64\system32\issacapi_bs-2.3.dll c:\windows\SysWow64\system32\issacapi_pe-2.3.dll c:\windows\SysWow64\system32\issacapi_se-2.3.dll c:\windows\SysWow64\system32\MACXMLProto.dll c:\windows\SysWow64\system32\MaDRM.dll c:\windows\SysWow64\system32\MaJGUILib.dll c:\windows\SysWow64\system32\MAMACExtract.dll c:\windows\SysWow64\system32\MASetupCleaner.exe c:\windows\SysWow64\system32\MaXMLProto.dll c:\windows\SysWow64\system32\mfplat.dll 
c:\windows\SysWow64\system32\MK_Lyric.dll c:\windows\SysWow64\system32\MSCLib.dll c:\windows\SysWow64\system32\MSFLib.dll c:\windows\SysWow64\system32\MSLUR71.dll c:\windows\SysWow64\system32\msvcp60.dll c:\windows\SysWow64\system32\MTTELECHIP.dll c:\windows\SysWow64\system32\MTXSYNCICON.dll c:\windows\SysWow64\system32\muzaf1.dll c:\windows\SysWow64\system32\muzapp.dll c:\windows\SysWow64\system32\muzapp.exe c:\windows\SysWow64\system32\muzdecode.ax c:\windows\SysWow64\system32\muzeffect.ax c:\windows\SysWow64\system32\muzmp4sp.ax c:\windows\SysWow64\system32\muzmpgsp.ax c:\windows\SysWow64\system32\muzoggsp.ax c:\windows\SysWow64\system32\muzwmts.dll c:\windows\SysWow64\system32\psapi.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-02 bis 2011-12-02 )))))))))))))))))))))))))))))) . . 2011-12-02 21:49 . 2011-12-02 21:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-12-02 21:49 . 2011-12-02 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-27 01:36 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA482BCE-1ECD-4B03-83A8-A9BC160965F2}\mpengine.dll 2011-11-26 08:53 . 2011-11-26 08:53 -------- d-----w- c:\programdata\Malwarebytes 2011-11-26 08:53 . 2011-11-26 15:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-25 22:33 . 2011-11-25 22:34 -------- d-----w- c:\users\Nico\AppData\Roaming\Notepad++ 2011-11-25 22:33 . 2011-11-25 22:33 -------- d-----w- c:\program files (x86)\Notepad++ 2011-11-25 22:18 . 2011-11-25 22:19 -------- d-----w- c:\users\Nico\AppData\Roaming\Java 2011-11-25 21:50 . 2011-12-02 21:51 -------- d-----w- c:\programdata\Kaspersky Lab 2011-11-25 21:50 . 2011-11-25 21:50 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2011-11-25 19:19 . 2011-11-25 19:19 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes 2011-11-25 19:19 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-25 19:01 . 
2011-11-25 19:04 111616 ----a-w- c:\windows\SysWow64\1X42Ij4OA.com_ 2011-11-20 07:33 . 2011-11-20 07:33 -------- d-----w- c:\windows\system32\Macromed 2011-11-12 13:01 . 2008-09-10 08:41 388640 ----a-w- c:\windows\system32\nvexpBar.dll 2011-11-12 13:01 . 2008-09-10 08:41 410656 ----a-w- c:\windows\system32\nvcpl.cpl 2011-11-12 13:01 . 2008-09-10 08:41 2089504 ----a-w- c:\windows\system32\nvcplUI.exe 2011-11-12 13:01 . 2008-09-10 08:41 1071136 ----a-w- c:\windows\system32\nvcplUIR.dll 2011-11-12 13:01 . 2008-06-19 15:43 978944 ----a-w- c:\windows\system32\msvcp71.dll 2011-11-12 13:01 . 2008-06-19 15:43 520192 ----a-w- c:\windows\system32\msvcr71.dll 2011-11-12 13:01 . 2008-06-19 15:43 1524736 ----a-w- c:\windows\system32\MFC71.dll 2011-11-12 13:00 . 2011-11-12 13:05 -------- d-----w- c:\users\Nico\AppData\Local\NVIDIA Corporation 2011-11-12 12:56 . 2008-10-01 07:14 501280 ----a-w- c:\windows\system32\NVUNINST.EXE 2011-11-12 12:22 . 2011-11-12 12:22 -------- d-----w- c:\program files (x86)\SystemRequirementsLab . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-02 21:51 . 2011-09-12 09:46 25640 ----a-w- c:\windows\gdrv.sys 2011-11-20 07:46 . 2011-05-13 18:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-11-20 07:46 . 2011-05-13 16:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-11-20 07:45 . 2011-05-13 16:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-11-20 07:33 . 2011-05-15 07:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-31 10:07 . 2011-06-04 08:48 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2011-10-31 10:07 . 2011-06-04 08:48 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2011-10-30 21:15 . 2011-10-30 21:15 15678 ----a-w- c:\programdata\1320009346.bdinstall.bin 2011-10-30 21:15 . 2011-10-30 21:15 15678 ----a-w- c:\programdata\1320009320.bdinstall.bin 2011-10-30 21:13 . 
2011-10-30 21:13 92619 ----a-w- c:\programdata\1320009186.bdinstall.bin 2011-10-30 13:11 . 2011-05-12 19:04 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-10-30 13:01 . 2011-05-12 18:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-30 13:01 . 2011-05-12 18:52 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-10-28 19:13 . 2011-05-13 16:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-10-15 08:53 . 2011-10-29 09:47 68928 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-10-29 09:47 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-10-29 09:47 24742720 ----a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-10-29 09:47 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 2011-10-29 09:47 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-10-29 09:47 7581504 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-10-29 09:47 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-10-29 09:47 2542912 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-10-29 09:47 24796992 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-10-29 09:47 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-10-29 09:47 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-29 09:47 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-29 09:47 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-10-29 09:47 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-08-10 11:06 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-08-10 11:06 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 
2011-04-24 19:24 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2011-04-24 19:24 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-04-24 19:24 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2011-04-24 19:24 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-04-24 19:24 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-04-07 21:19 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2011-10-15 08:53 . 2011-04-07 21:19 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-04-07 21:19 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-04-07 21:19 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2011-04-07 21:19 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-10-15 08:53 . 2011-04-07 21:19 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-04-07 21:18 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-07 17:52 . 2011-05-20 17:53 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-10-03 03:06 . 2011-05-29 08:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-17 10:19 . 2011-09-17 10:19 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe 2011-09-13 09:58 . 2011-09-13 09:58 25640 ----a-w- c:\windows\etdrv.sys 2011-09-13 09:54 . 2011-09-13 09:54 30528 ----a-w- c:\windows\GVTDrv64.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 10:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] 2010-12-09 10:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar_DE\tbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "bluebirds"="c:\users\Nico\Bluebirds\BlueBirds.exe" [2009-04-29 270336] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-30 399736] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-18 1242448] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-11-07 28854408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 145408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-31 273528] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296] "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-09-13 25640] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-13 30528] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x] R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe 
[x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S2 AcerSyncSystemService;AcerSyncSystemService;c:\program files\Acer\AcerSync\AcerSyncSystemService.exe [2011-06-16 81304] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2011-11-27 c:\windows\Tasks\At10.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At12.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At14.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At16.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At18.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-26 c:\windows\Tasks\At2.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At20.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At22.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At24.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 
2011-11-27 c:\windows\Tasks\At26.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At28.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At30.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At32.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At34.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-26 c:\windows\Tasks\At36.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-26 c:\windows\Tasks\At38.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At4.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-12-02 c:\windows\Tasks\At40.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-12-02 c:\windows\Tasks\At42.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-12-02 c:\windows\Tasks\At44.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-12-02 c:\windows\Tasks\At46.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-26 c:\windows\Tasks\At48.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At6.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-11-27 c:\windows\Tasks\At8.job - c:\windows\system32\1X42Ij4OA.com_ [2011-11-25 19:04] . 2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 12:45] . 2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 12:45] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024] "combofix"="c:\combofix\CF6608.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Save video on Savevid.com - c:\program files (x86)\Savevid\redirect.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\iqwjc4zy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q= FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-Desura - c:\program files (x86)\Desura\desura.exe Wow6432Node-HKLM-Run-TaskTray - (no file) Toolbar-10 - (no file) WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file) AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-RailWorks 2_is1 - i:\spiele\RailWorks 2\unins000.exe AddRemove-Trainz Simulator 12_is1 - i:\spiele\TS12\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-2757510387-1898712277-1225327336-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:ec,08,a4,fa,29,74,b0,f9,11,a7,cc,ea,fa,38,28,e3,b3,47,92,f5,be,20,4c, cf,2e,43,25,eb,75,4f,8e,b8,a5,31,02,db,67,2f,ca,97,85,9f,05,dc,0c,a1,eb,30,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-2757510387-1898712277-1225327336-1000\Software\SecuROM\License information*] "datasecu"=hex:50,25,10,25,a0,d5,9e,17,c7,73,7b,09,06,ac,f6,96,0a,7b,42,9f,99, c3,b1,34,32,c7,93,bd,d1,20,b0,9b,e2,89,0e,fc,9b,bf,ad,05,2d,19,11,7e,b5,8f,\ "rkeysecu"=hex:15,23,54,60,50,79,83,87,05,1c,92,b0,c4,6e,2e,69 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\avmwlanstick\WlanNetService.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-12-02 22:57:36 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-02 21:57 . Vor Suchlauf: 12 Verzeichnis(se), 38.909.730.816 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 40.623.546.368 Bytes frei . - - End Of File - - 91C449152DF125F94AB99378FE5B6FF8 |
04.12.2011, 16:51 | #10 |
/// Malware-holic | PING.exe 75% load, TrustedInstaller virus, trojan And what exactly is no longer working now?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
07.12.2011, 22:51 | #11 |
| PING.exe 75% load, TrustedInstaller virus, trojan Well, now I have restored a backup from the day before the incident and everything is running again. Luckily, I update a backup every day. |
08.12.2011, 13:47 | #12 |
/// Malware-holic | PING.exe 75% load, TrustedInstaller virus, trojan Well, you could have told me that right away, then we would have saved ourselves some work, hehe. But very exemplary, the thing with the backup. |
08.12.2011, 14:34 | #13 |
| PING.exe 75% load, TrustedInstaller virus, trojan Well, I did write that the load problem had been resolved; then you (all of you, or just you) said that simply deleting the files is not a solution... so I did all of that. |
08.12.2011, 14:40 | #14 |
/// Malware-holic | PING.exe 75% load, TrustedInstaller virus, trojan Well, it isn't a solution either; but I thought you wanted to keep running the system as it was. If you have a backup, though, that is of course the best solution. |
08.12.2011, 19:33 | #15 | |
| PING.exe 75% load, TrustedInstaller virus, trojan Quote:
I would like to thank you sincerely for your help. |