Pests of all kinds and their removal (subforum "Plagegeister aller Art und deren Bekämpfung"): GVU Trojan, Windows 7
GVU Trojan

So, a few days after the last trojan, a new one landed on the PC: the GVU trojan. As I can already see in this subforum, a lot of people have this problem, but since I am not supposed to follow their steps, I am opening a new thread. I got the trojan about 5 minutes ago, just as I was on Hardwareluxx and Computerbase. Windows, Adobe Flash, Java and the browser are actually up to date, but the trojan still made it through. I haven't tried anything yet to remove the virus, even though I have already seen that it is possible to regain access to the PC with System Restore or Kaspersky Rescue. Right now I am in Safe Mode with Networking. Here are my logs:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Voigt :: VOIGTPC [Administrator]

04.08.2012 16:52:21
mbam-log-2012-08-04 (17-01-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 551360
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|68EA5EF11E002 (Trojan.Agent.RNSGen) -> Data: C:\ProgramData\68EA5EF11E002\68EA5EF11E002.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|68EA5EF11E002 (Trojan.Agent.RNSGen) -> Data: C:\ProgramData\68EA5EF11E002\68EA5EF11E002.exe -> No action taken.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Voigt\AppData\Local\Temp\~!#DDA3.tmp (Trojan.Lameshield) -> No action taken.
C:\Users\Voigt\AppData\Local\{2f163d28-5dca-430c-1267-a8b9c6b56536}\n (Trojan.Sirefef) -> No action taken.
C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\n (Trojan.Sirefef) -> No action taken.
C:\ProgramData\68EA5EF11E002\68EA5EF11E002.exe (Trojan.Agent.RNSGen) -> No action taken.

(end)

Code:
OTL logfile created on: 04.08.2012 17:03:35 - Run 3
OTL by OldTimer - Version Folder = C:\Users\Voigt\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 12,60 Gb Available Physical Memory | 78,98% Memory free
31,91 Gb Paging File | 28,89 Gb Available in Paging File | 90,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476,84 Gb Total Space | 103,94 Gb Free Space | 21,80% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 164,07 Gb Free Space | 17,61% Space Free | Partition Type: NTFS

Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Voigt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (ArchiCrypt Ultimate RAM-Disk 3) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe (Softwareentwicklung Remus - ArchiCrypt)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Users\Voigt\temp\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Programme\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) Intel(R) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) Intel(R) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) Intel(R) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ACMoFlex64RD3) -- C:\Windows\SysNative\drivers\ACMoFlex64RD3.sys (Softwareentwicklung Remus - ArchiCrypt.com)
DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (mirrorv3) -- C:\Windows\SysNative\drivers\rminiv3.sys (Famatech International Corp.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Abyssus) -- C:\Windows\SysNative\drivers\Abyssus.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Programme\PowerDVD12\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 475801843
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD C1 C9 61 A3 1C CC 01 [binary data]
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.08 19:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.24 16:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.12 14:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.24 16:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.12 14:10:26 | 000,000,000 | ---D | M]

[2012.05.09 09:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Extensions
[2012.05.14 10:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Firefox\Profiles\n92hw3xj.default\extensions
[2012.05.14 10:58:39 | 000,023,087 | ---- | M] () (No name found) -- C:\USERS\VOIGT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N92HW3XJ.DEFAULT\EXTENSIONS\{5B52016C-D097-4AEC-BE61-9F129D8FDDBA}.XPI
[2012.05.08 19:22:28 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2012.07.23 12:40:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [68EA5EF11E002] C:\ProgramData\68EA5EF11E002\68EA5EF11E002.exe ()
O4 - HKLM..\Run: [Abyssus] C:\Programme\Razer Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000..\Run: [68EA5EF11E002] C:\ProgramData\68EA5EF11E002\68EA5EF11E002.exe ()
O4 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000..\Run: [Infium] C:\Programme\QIP 2012 Jeak-Edition\qip.exe (QIP)
O4 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000..\RunOnce: [7531CCCB0059E9410308C7DCF875EF60] C:\ProgramData\7531CCCB0059E9410308C7DCF875EF60\7531CCCB0059E9410308C7DCF875EF60.exe File not found
O4 - Startup: C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Voigt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEF89CC2-A147-4C17-A801-26A40303533D}: DhcpNameServer =
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.04 16:56:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Voigt\Desktop\OTL.exe
[2012.08.04 16:51:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.08.04 16:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\68EA5EF11E002
[2012.07.30 00:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.07.29 16:20:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\4A Games
[2012.07.28 17:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse
[2012.07.28 17:10:09 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\Eclipse
[2012.07.28 17:09:44 | 000,000,000 | ---D | C] -- C:\Users\Voigt\workspace
[2012.07.27 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\BANDISOFT
[2012.07.27 20:53:04 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Bandicam
[2012.07.27 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2012.07.27 20:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bandicam
[2012.07.27 20:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2012.07.27 20:21:38 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012.07.27 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2012.07.27 20:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012.07.27 20:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1602 Königs-Edition
[2012.07.27 19:30:11 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\ArmA 2 Other Profiles
[2012.07.27 16:57:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.07.27 16:57:35 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.07.27 16:57:34 | 002,670,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.07.27 16:57:34 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.07.27 16:57:34 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2012.07.27 16:57:34 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2012.07.27 16:57:34 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.07.27 16:57:34 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.07.27 16:57:34 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.07.27 16:57:34 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012.07.27 16:57:34 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.07.27 16:57:34 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.07.27 16:57:34 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.07.27 16:57:34 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2012.07.27 16:57:34 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.07.27 16:57:34 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.07.27 16:57:34 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.07.27 16:57:34 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2012.07.27 16:57:33 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.07.27 16:57:33 | 003,608,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.07.27 16:57:33 | 002,886,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012.07.27 16:57:33 | 001,251,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.07.27 16:57:33 | 000,824,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.07.27 16:57:33 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.07.27 16:57:33 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.07.27 16:57:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.07.27 16:57:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.07.27 16:57:33 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.07.27 16:57:33 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.07.27 16:57:33 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.07.27 16:57:33 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.07.27 16:57:33 | 000,102,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012.07.27 16:57:33 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.07.27 16:57:33 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.07.27 16:57:33 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.07.27 16:57:33 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012.07.27 16:57:32 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.07.27 16:57:32 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.07.27 16:57:32 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.07.27 16:57:32 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.07.27 16:57:32 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.07.27 16:57:32 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.07.27 16:57:32 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.07.27 16:57:32 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.07.27 16:57:30 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.07.27 16:57:30 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.07.27 16:57:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.07.27 16:57:30 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.07.27 16:57:30 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.07.27 16:57:30 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.07.27 16:57:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.07.27 16:57:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.07.27 16:57:29 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.07.27 16:57:29 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.07.27 16:57:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.07.27 16:57:29 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.07.27 16:57:29 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.07.27 16:57:29 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.07.27 16:57:29 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.07.27 16:57:29 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.07.27 16:57:29 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.07.27 16:57:29 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.07.23 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012.07.23 20:32:13 | 000,000,000 | ---D
| C] -- C:\Program Files\Common Files\Nitro PDF [2012.07.23 20:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF Reader 2 [2012.07.23 20:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF [2012.07.23 20:30:57 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Nitro PDF [2012.07.23 20:30:47 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll [2012.07.23 20:30:47 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll [2012.07.23 20:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF [2012.07.23 20:29:54 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Downloaded Installations [2012.07.23 17:45:52 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.07.23 17:45:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.07.23 12:41:23 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.07.23 12:40:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.07.23 12:34:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.21 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\xsecva [2012.07.21 22:59:39 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\NFS Underground 2 [2012.07.21 22:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2012.07.19 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Voigt\jagexcache [2012.07.18 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Hard Reset Extended [2012.07.16 21:19:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.07.16 21:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2012.07.16 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Dust [2012.07.14 23:23:01 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll [2012.07.14 23:23:01 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2012.07.14 23:23:01 | 000,070,656 | 
---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2012.07.14 23:23:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2012.07.14 23:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2012.07.14 23:19:31 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll [2012.07.14 23:19:31 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2012.07.14 23:19:31 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2012.07.14 23:19:31 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2012.07.14 23:19:31 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2012.07.14 23:19:31 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2012.07.14 23:19:31 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2012.07.14 23:19:31 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2012.07.14 23:19:31 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2012.07.14 23:19:31 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2012.07.14 23:19:31 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2012.07.14 23:19:31 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2012.07.14 23:19:31 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2012.07.14 23:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2012.07.14 23:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPER [2012.07.14 23:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft [2012.07.13 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\ANNO 2070 [2012.07.13 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\Ubisoft Game Launcher [2012.07.13 22:47:04 | 
000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.07.13 22:33:44 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Ubisoft [2012.07.13 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012.07.13 17:15:56 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Trine2 [2012.07.13 17:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam [2012.07.13 17:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam [2012.07.13 17:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam [2012.07.12 19:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition [2012.07.12 19:33:08 | 000,000,000 | ---D | C] -- C:\UnrealTournament [2012.07.12 17:31:08 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Heaven [2012.07.12 17:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine [2012.07.12 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Heaven DX11 Benchmark 3.0 [2012.07.11 10:44:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.11 10:44:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.11 10:44:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.11 10:44:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.11 10:44:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.11 10:44:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.11 10:44:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.11 10:44:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.11 10:44:46 | 002,311,680 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.11 10:44:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.11 10:44:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.11 10:44:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.11 10:44:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.11 06:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 06:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 06:35:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.11 06:35:16 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.11 06:35:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 00:51:31 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3 [2012.07.10 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\tropico 4 [2012.07.08 19:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\StreamMyGame [2012.07.06 16:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MagiWOL [2012.07.06 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Remote Assistance Logs [2012.07.05 23:41:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.04 16:56:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Voigt\Desktop\OTL.exe [2012.08.04 16:53:52 | 001,613,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.04 16:53:52 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.04 16:53:52 | 000,652,150 
| ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.04 16:53:52 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.04 16:53:52 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.04 16:47:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 16:46:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.04 16:46:12 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job [2012.08.04 16:45:24 | 000,003,072 | -H-- | M] () -- C:\Users\Voigt\AppData\Roaming\unlocker.dll [2012.08.04 16:34:13 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 16:34:13 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 16:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.04 16:29:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.03 20:28:15 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI [2012.08.03 16:49:27 | 011,136,244 | ---- | M] () -- C:\Users\Voigt\Desktop\MusterklausurLösung.rar [2012.08.03 00:31:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 00:31:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.23 12:40:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.19 17:48:14 | 000,000,024 | ---- | M] () -- C:\Users\Voigt\random.dat [2012.07.19 17:40:32 | 000,000,044 | ---- | M] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat [2012.07.14 23:12:07 | 000,116,854 | ---- | M] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg [2012.07.14 23:08:48 | 344,989,520 | ---- | M] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav 
[2012.07.12 23:52:01 | 000,001,282 | ---- | M] () -- C:\Users\Voigt\Desktop\shutdown.lnk
[2012.07.12 17:30:45 | 000,003,072 | ---- | M] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage
[2012.07.11 16:48:12 | 000,288,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 15:46:51 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2012.07.08 18:00:06 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.08 18:00:06 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012.07.06 11:10:58 | 000,007,608 | ---- | M] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg
[1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.04 16:45:24 | 000,003,072 | -H-- | C] () -- C:\Users\Voigt\AppData\Roaming\unlocker.dll
[2012.08.03 20:12:56 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.08.03 16:49:25 | 011,136,244 | ---- | C] () -- C:\Users\Voigt\Desktop\MusterklausurLösung.rar
[2012.07.27 16:57:33 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.07.23 20:32:14 | 000,002,487 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012.07.19 17:40:32 | 000,000,044 | ---- | C] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat
[2012.07.19 17:40:32 | 000,000,024 | ---- | C] () -- C:\Users\Voigt\random.dat
[2012.07.14 23:23:01 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.07.14 23:19:31 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.07.14 23:19:31 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.07.14 23:19:31 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.07.14 23:19:31 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.07.14 23:19:31 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.07.14 23:19:31 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.07.14 23:19:31 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.07.14 23:19:31 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.07.14 23:19:31 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.07.14 23:12:07 | 000,116,854 | ---- | C] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg
[2012.07.14 22:38:51 | 344,989,520 | ---- | C] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav
[2012.07.12 17:30:45 | 000,003,072 | ---- | C] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage
[2012.07.11 15:46:51 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.06.28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.06.20 15:08:18 | 000,000,219 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.06.20 15:08:18 | 000,000,084 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.06.20 15:08:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.06.20 15:08:11 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.06.20 15:08:11 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.06.14 23:37:11 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012.05.21 16:22:29 | 000,007,608 | ---- | C] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg
[2012.05.18 15:31:56 | 000,000,262 | ---- | C] () -- C:\Windows\game.ini
[2012.05.17 15:14:42 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.17 15:14:42 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.17 15:14:42 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.17 14:27:12 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 23:04:01 | 000,004,439 | ---- | C] () -- C:\Windows\jhbqq32.ini
[2012.05.15 23:04:01 | 000,001,442 | ---- | C] () -- C:\Windows\cxpcqs-h48.ini
[2012.05.08 21:14:34 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.08 21:14:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.08 20:02:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.08 19:14:34 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.08 18:12:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.08 18:12:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.05.08 18:05:49 | 000,057,494 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.08 18:04:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.05.08 18:04:29 | 000,040,555 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll

========== LOP Check ==========

[2012.05.11 19:04:29 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\.minecraft
[2012.05.31 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\aacs
[2012.05.08 19:04:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2012.05.13 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ashampoo
[2012.07.27 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\BANDISOFT
[2012.06.04 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Cinspiration
[2012.05.08 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\DAEMON Tools Lite
[2012.07.23 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Downloaded Installations
[2012.08.04 16:26:32 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Dropbox
[2012.07.22 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\IrfanView
[2012.05.08 18:30:32 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\jeak.de
[2012.07.10 23:56:35 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Kalypso Media
[2012.05.08 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient
[2012.05.24 18:13:06 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient2
[2012.08.04 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Nitro PDF
[2012.06.25 20:29:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Notepad++
[2012.05.08 18:05:07 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Opera
[2012.05.08 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Origin
[2012.05.08 21:13:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\QuickStoresToolbar
[2012.06.13 20:30:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Radmin
[2012.06.20 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\RapidShare
[2012.07.11 00:53:39 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3
[2012.05.13 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ScummVM
[2012.06.19 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-updater
[2012.06.13 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-zsync
[2012.06.20 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Spirited Machine
[2012.05.08 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\SplitMediaLabs
[2012.06.13 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TeamViewer
[2012.05.09 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\The Creative Assembly
[2012.07.13 17:15:56 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Trine2
[2012.08.02 02:48:33 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\tropico 4
[2012.06.13 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TrueCrypt
[2012.07.23 22:16:22 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TS3Client
[2012.05.17 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Tunngle
[2012.07.13 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ubisoft
[2012.08.03 20:04:41 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\uTorrent
[2012.07.22 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\xsecva
[2012.07.06 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\WG\AppData\Roaming\Opera
[2012.07.24 18:50:59 | 000,000,000 | ---D | M] -- C:\Users\WG\AppData\Roaming\tropico 4
[2012.08.04 16:46:12 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\QIPdater 2012.job
[2012.06.30 16:47:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
OTL Extras logfile created on: 04.08.2012 17:03:35 - Run 3
OTL by OldTimer - Version Folder = C:\Users\Voigt\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 12,60 Gb Available Physical Memory | 78,98% Memory free
31,91 Gb Paging File | 28,89 Gb Available in Paging File | 90,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476,84 Gb Total Space | 103,94 Gb Free Space | 21,80% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 164,07 Gb Free Space | 17,61% Space Free | Partition Type: NTFS

Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 304.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9B292AE-1BA8-481B-9C09-1C5CABFB0E4C}" = Nitro Reader 2
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"ArchiCrypt Ultimate RAM-Disk3_is1" = ArchiCrypt Ultimate RAM-Disk 3 Version
"JosipMedved_MagiWOL_is1" = MagiWOL 3.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"Unlocker" = Unlocker 1.9.1-x64
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.00 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FA5F0A-04B3-4343-AA3E-C8BA6C3BADA6}" = RapidDrive
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot™ 3
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018302}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018303}" = LOST PLANET 2 "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3 "{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7302BD5B-B67D-4144-AA59-C60520C5FDC6}" = Six Updater "{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2 "{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold "{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™ "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 "{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}" = Unreal "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF364116-6A2F-43E6-9D12-901ACC3CDC00}" = ArmA II Launcher "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B931991C-FA2F-4B73-8F48-43C20B7581DE}" = QIP 2012 7058 Jeak-Edition "{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1100000-0011-0000-0001-074957833700}" = ABBYY FineReader 11 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "6103-4188-8184-5707" = RapidShare Manager 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.00 "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "ASIO4ALL" = ASIO4ALL "Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01 "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Civilization.V.GOTY.incl.Gods.and.Kings_is1" = 
Civilization.V.GOTY.incl.Gods.and.Kings "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11 "Counter-Strike 1.6 V35" = Counter-Strike 1.6 V35 "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "DokanLibrary" = Dokan Library 0.6.0 "EasyBCD" = EasyBCD 2.1 "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "IrfanView" = IrfanView (remove only) "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.60.1185" = Opera 11.60 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QIP 2012 7058 Jeak-Edition 4.0.7058" = QIP 2012 7058 Jeak-Edition "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "ScummVM_is1" = ScummVM 1.4.1 "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri "Steam App 10" = Counter-Strike "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes "Steam App 107100" = Bastion "Steam App 113200" = The Binding of Isaac "Steam App 203770" = Crusader Kings II "Steam App 208140" = Endless Space "Steam App 33460" = From Dust "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 35720" = Trine 2 "Steam App 43110" = Metro 2033 "Steam App 4700" = Medieval II: Total War "Steam App 4780" = Medieval II: Total War Kingdoms "Steam App 48000" = LIMBO "Steam App 57690" = Tropico 4 "Steam App 70400" = Recettear: An Item Shop's Tale "Steam App 80" = 
Counter-Strike: Condition Zero "Steam App 8980" = Borderlands "Steam App 9180" = Commander Keen Complete Pack "Steam App 98400" = Hard Reset "TeamViewer 7" = TeamViewer 7 "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "TenomichiStreamer" = StreamMyGame software "TigerGame XBOX+PS2+GC Game Controller Adapter_is1" = TigerGame XBOX+PS2+GC Game Controller Adapter "TrueCrypt" = TrueCrypt "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Tropico 4" = Tropico 4 1.00 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.07.2012 05:15:09 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 31.07.2012 16:11:06 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 01.08.2012 11:39:43 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 02.08.2012 08:07:09 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 02.08.2012 10:38:25 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 10:14:11 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 13:34:53 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2012 10:27:53 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2012 10:45:32 | Computer Name = VoigtPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000300fa ID des fehlerhaften Prozesses: 0x858 Startzeit der fehlerhaften Anwendung: 0x01cd724fcbf16905 Pfad der fehlerhaften Anwendung: 
C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0a0f64a7-de43-11e1-a2df-c86000c152e4 Error - 04.08.2012 10:49:50 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 04.08.2012 10:47:59 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 10:47:59 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 04.08.2012 10:47:59 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 04.08.2012 10:47:59 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 04.08.2012 10:47:59 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ACMoFlex64RD3 discache spldr sptd truecrypt Wanarpv6 Error - 04.08.2012 10:48:00 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 10:48:06 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 10:48:06 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 10:48:07 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 10:48:07 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report >

I would also appreciate further tips on preventing another infection. (By that I do not mean general tips, but ones specific to the GVU Trojaner.)
/// Malware-holic
GVU Trojaner
This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.

For further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache. There, right-click the folder cache, pack it with WinRAR or another program, and please upload it in the upload channel: Trojaner-Board Upload Channel. When this is done, please report back.
/// Malware-holic
GVU Trojaner
Hi, thanks. You have ZeroAccess on the PC again. Since it cannot be cleaned 100% reliably, we will rebuild the PC. If you do online banking, call your bank (emergency number: 116 116) and have it blocked; change all passwords. The PC must be reinstalled and then secured.
1. Data recovery:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then say something about securing online banking with a chip card reader + Star Money.
GVU Trojaner
The fix was executed "successfully". I was able to start in normal mode for a brief moment, then a program named Live Security Platinum opened and scanned my system for viruses. The program can be found at: C:\ProgramData\7531CCCB0059E9410308C7DCF875EF60\7531CCCB0059E9410308C7DCF875EF60.exe. After that the GVU screen opened again and blocked me from working further. Now I am back in Safe Mode. I could not find the text document you asked for, but if I remember correctly an OTLfixed.txt or similar should be created on the screen after the fix. That did not happen. I packed and uploaded the two folders you asked for. Here is a current mbam and OTL scan:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Voigt :: VOIGTPC [Administrator]

04.08.2012 19:21:38
mbam-log-2012-08-04 (19-30-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 551619
Laufzeit: 8 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531CCCB0059E9410308C7DCF875EF60 (Trojan.Lameshield) -> Daten: C:\ProgramData\7531CCCB0059E9410308C7DCF875EF60\7531CCCB0059E9410308C7DCF875EF60.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Keine Aktion durchgeführt.

Infizierte Dateien: 9
C:\ProgramData\7531CCCB0059E9410308C7DCF875EF60\7531CCCB0059E9410308C7DCF875EF60.exe (Trojan.Lameshield) -> Keine Aktion durchgeführt.
C:\Users\Voigt\AppData\Local\Temp\sgwe3t.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt.
C:\Users\Voigt\AppData\Local\Temp\~!#CAFD.tmp (Trojan.Lameshield) -> Keine Aktion durchgeführt.
C:\Users\Voigt\AppData\Local\Temp\~!#DDA3.tmp (Trojan.Lameshield) -> Keine Aktion durchgeführt.
C:\Users\Voigt\AppData\Local\{2f163d28-5dca-430c-1267-a8b9c6b56536}\n (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Users\Voigt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\e612d30-3b90d85f (Exploit.Drop.COD) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{2f163d28-5dca-430c-1267-a8b9c6b56536}\n (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Users\Voigt\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Keine Aktion durchgeführt.
C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Keine Aktion durchgeführt.

(Ende)
OTL logfile created on: 04.08.2012 19:30:44 - Run 4 OTL by OldTimer - Version Folder = C:\Users\Voigt\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 12,98 Gb Available Physical Memory | 81,32% Memory free 31,91 Gb Paging File | 29,24 Gb Available in Paging File | 91,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 476,84 Gb Total Space | 103,94 Gb Free Space | 21,80% Space Free | Partition Type: NTFS Drive F: | 931,50 Gb Total Space | 164,07 Gb Free Space | 17,61% Space Free | Partition Type: NTFS Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Voigt\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (ArchiCrypt Ultimate RAM-Disk 3) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe (Softwareentwicklung Remus - ArchiCrypt) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Users\Voigt\temp\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) SRV - (CLHNServiceForPowerDVD12) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) 
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Programme\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) Intel(R) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) Intel(R) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) Intel(R) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ACMoFlex64RD3) -- C:\Windows\SysNative\drivers\ACMoFlex64RD3.sys (Softwareentwicklung Remus - ArchiCrypt.com) DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (mirrorv3) -- C:\Windows\SysNative\drivers\rminiv3.sys (Famatech International Corp.) 
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Abyssus) -- C:\Windows\SysNative\drivers\Abyssus.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Programme\PowerDVD12\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD12) -- C:\Programme\PowerDVD12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 475801843 IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD C1 C9 61 A3 1C CC 01 [binary data] IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A} IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - 
HKU\S-1-5-21-435027588-1902165278-2241592477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..network.proxy.no_proxies_on: "local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.08 19:14:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.24 16:32:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.12 14:10:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.24 16:32:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.12 14:10:26 | 000,000,000 | ---D | M] [2012.05.09 09:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Extensions [2012.05.14 10:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Voigt\AppData\Roaming\mozilla\Firefox\Profiles\n92hw3xj.default\extensions [2012.05.14 10:58:39 | 000,023,087 | ---- | M] () (No name found) -- C:\USERS\VOIGT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N92HW3XJ.DEFAULT\EXTENSIONS\{5B52016C-D097-4AEC-BE61-9F129D8FDDBA}.XPI [2012.05.08 19:22:28 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml O1 HOSTS File: ([2012.07.23 12:40:32 | 000,000,027 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [68EA5EF11E002] C:\ProgramData\68EA5EF11E002\68EA5EF11E002.exe File not found O4 - HKLM..\Run: [68EA5EF2CD6B] C:\ProgramData\68EA5EF2CD6B\68EA5EF2CD6B.exe () O4 - HKLM..\Run: [Abyssus] C:\Programme\Razer Abyssus\razerhid.exe () O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000..\Run: [68EA5EF2CD6B] C:\ProgramData\68EA5EF2CD6B\68EA5EF2CD6B.exe ()
O4 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000..\Run: [Infium] C:\Programme\QIP 2012 Jeak-Edition\qip.exe (QIP)
O4 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000..\RunOnce: [7531CCCB0059E9410308C7DCF875EF60] C:\ProgramData\7531CCCB0059E9410308C7DCF875EF60\7531CCCB0059E9410308C7DCF875EF60.exe ()
O4 - Startup: C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Voigt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEF89CC2-A147-4C17-A801-26A40303533D}: DhcpNameServer =
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.08.04 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.08.04 19:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCCB0059E9410308C7DCF875EF60
[2012.08.04 19:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\68EA5EF2CD6B
[2012.08.04 19:03:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.04 16:56:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Voigt\Desktop\OTL.exe
[2012.08.04 16:51:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.08.04 16:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\68EA5EF11E002
[2012.07.30 00:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.07.29 16:20:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\4A Games
[2012.07.28 17:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse
[2012.07.28 17:10:09 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\Eclipse
[2012.07.28 17:09:44 | 000,000,000 | ---D | C] -- C:\Users\Voigt\workspace
[2012.07.27 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\BANDISOFT
[2012.07.27 20:53:04 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Bandicam
[2012.07.27 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2012.07.27 20:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bandicam
[2012.07.27 20:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2012.07.27 20:21:38 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012.07.27 20:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2012.07.27 20:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012.07.27 20:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1602 Königs-Edition
[2012.07.27 19:30:11 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\ArmA 2 Other Profiles
[2012.07.27 16:57:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.07.27 16:57:35 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.07.27 16:57:34 | 002,670,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.07.27 16:57:34 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.07.27 16:57:34 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2012.07.27 16:57:34 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2012.07.27 16:57:34 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.07.27 16:57:34 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.07.27 16:57:34 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.07.27 16:57:34 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012.07.27 16:57:34 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.07.27 16:57:34 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.07.27 16:57:34 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.07.27 16:57:34 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2012.07.27 16:57:34 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.07.27 16:57:34 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.07.27 16:57:34 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.07.27 16:57:34 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2012.07.27 16:57:33 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.07.27 16:57:33 | 003,608,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.07.27 16:57:33 | 002,886,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012.07.27 16:57:33 | 001,251,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.07.27 16:57:33 | 000,824,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.07.27 16:57:33 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.07.27 16:57:33 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.07.27 16:57:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.07.27 16:57:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.07.27 16:57:33 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.07.27 16:57:33 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.07.27 16:57:33 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.07.27 16:57:33 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.07.27 16:57:33 | 000,102,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012.07.27 16:57:33 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.07.27 16:57:33 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.07.27 16:57:33 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.07.27 16:57:33 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012.07.27 16:57:32 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.07.27 16:57:32 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.07.27 16:57:32 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.07.27 16:57:32 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.07.27 16:57:32 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.07.27 16:57:32 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.07.27 16:57:32 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.07.27 16:57:32 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.07.27 16:57:30 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.07.27 16:57:30 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.07.27 16:57:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.07.27 16:57:30 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.07.27 16:57:30 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.07.27 16:57:30 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.07.27 16:57:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.07.27 16:57:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.07.27 16:57:29 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.07.27 16:57:29 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.07.27 16:57:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.07.27 16:57:29 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.07.27 16:57:29 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.07.27 16:57:29 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.07.27 16:57:29 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.07.27 16:57:29 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.07.27 16:57:29 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.07.27 16:57:29 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.07.23 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012.07.23 20:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012.07.23 20:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF Reader 2
[2012.07.23 20:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012.07.23 20:30:57 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Nitro PDF
[2012.07.23 20:30:47 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012.07.23 20:30:47 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012.07.23 20:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.07.23 20:29:54 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Downloaded Installations
[2012.07.23 17:45:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.07.23 17:45:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.07.23 12:41:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.23 12:40:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.07.23 12:34:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.21 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\xsecva
[2012.07.21 22:59:39 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\NFS Underground 2
[2012.07.21 22:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.07.19 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Voigt\jagexcache
[2012.07.18 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Hard Reset Extended
[2012.07.16 21:19:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.07.16 21:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.07.16 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Dust
[2012.07.14 23:23:01 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.07.14 23:23:01 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.07.14 23:23:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.07.14 23:23:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.07.14 23:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.07.14 23:19:31 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.07.14 23:19:31 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.07.14 23:19:31 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.07.14 23:19:31 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.07.14 23:19:31 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.07.14 23:19:31 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.07.14 23:19:31 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.07.14 23:19:31 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.07.14 23:19:31 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.07.14 23:19:31 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.07.14 23:19:31 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.07.14 23:19:31 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.07.14 23:19:31 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.07.14 23:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.07.14 23:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPER
[2012.07.14 23:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.07.13 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\ANNO 2070
[2012.07.13 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Local\Ubisoft Game Launcher
[2012.07.13 22:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012.07.13 22:33:44 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Ubisoft
[2012.07.13 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.07.13 17:15:56 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Trine2
[2012.07.13 17:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012.07.13 17:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012.07.13 17:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012.07.12 19:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition
[2012.07.12 19:33:08 | 000,000,000 | ---D | C] -- C:\UnrealTournament
[2012.07.12 17:31:08 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Heaven
[2012.07.12 17:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2012.07.12 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Heaven DX11 Benchmark 3.0
[2012.07.11 10:44:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 10:44:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 10:44:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 10:44:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 10:44:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 10:44:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 10:44:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 10:44:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 10:44:46 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 10:44:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 10:44:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 10:44:46 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 10:44:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 06:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 06:35:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 06:35:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 06:35:16 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 06:35:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 00:51:31 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3
[2012.07.10 23:57:52 | 000,000,000 | ---D | C] -- C:\Users\Voigt\AppData\Roaming\tropico 4
[2012.07.08 19:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\StreamMyGame
[2012.07.06 16:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MagiWOL
[2012.07.06 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Voigt\Documents\Remote Assistance Logs
[2012.07.05 23:41:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.08.04 19:17:01 | 001,613,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 19:17:01 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 19:17:01 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 19:17:01 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 19:17:01 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 19:12:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 19:10:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.04 19:10:34 | 000,003,072 | -H-- | M] () -- C:\Users\Voigt\AppData\Roaming\unlocker.dll
[2012.08.04 19:10:33 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job
[2012.08.04 19:09:07 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 19:09:07 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 19:09:06 | 000,002,052 | ---- | M] () -- C:\Users\Voigt\Desktop\Live Security Platinum.lnk
[2012.08.04 16:56:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Voigt\Desktop\OTL.exe
[2012.08.04 16:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.04 16:29:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 20:28:15 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2012.08.03 16:49:27 | 011,136,244 | ---- | M] () -- C:\Users\Voigt\Desktop\MusterklausurLösung.rar
[2012.08.03 00:31:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 00:31:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.23 12:40:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.19 17:48:14 | 000,000,024 | ---- | M] () -- C:\Users\Voigt\random.dat
[2012.07.19 17:40:32 | 000,000,044 | ---- | M] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat
[2012.07.14 23:12:07 | 000,116,854 | ---- | M] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg
[2012.07.14 23:08:48 | 344,989,520 | ---- | M] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav
[2012.07.12 23:52:01 | 000,001,282 | ---- | M] () -- C:\Users\Voigt\Desktop\shutdown.lnk
[2012.07.12 17:30:45 | 000,003,072 | ---- | M] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage
[2012.07.11 16:48:12 | 000,288,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 15:46:51 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2012.07.08 18:00:06 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.08 18:00:06 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012.07.06 11:10:58 | 000,007,608 | ---- | M] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg
[1 C:\Users\Voigt\Desktop\*.tmp files -> C:\Users\Voigt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.08.04 19:09:06 | 000,002,052 | ---- | C] () -- C:\Users\Voigt\Desktop\Live Security Platinum.lnk
[2012.08.04 16:45:24 | 000,003,072 | -H-- | C] () -- C:\Users\Voigt\AppData\Roaming\unlocker.dll
[2012.08.03 20:12:56 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.08.03 16:49:25 | 011,136,244 | ---- | C] () -- C:\Users\Voigt\Desktop\MusterklausurLösung.rar
[2012.07.27 16:57:33 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.07.23 20:32:14 | 000,002,487 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012.07.19 17:40:32 | 000,000,044 | ---- | C] () -- C:\Users\Voigt\jagex_cl_runescape_LIVE.dat
[2012.07.19 17:40:32 | 000,000,024 | ---- | C] () -- C:\Users\Voigt\random.dat
[2012.07.14 23:23:01 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.07.14 23:19:31 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.07.14 23:19:31 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.07.14 23:19:31 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.07.14 23:19:31 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.07.14 23:19:31 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.07.14 23:19:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.07.14 23:19:31 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.07.14 23:19:31 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.07.14 23:19:31 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.07.14 23:19:31 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.07.14 23:12:07 | 000,116,854 | ---- | C] () -- C:\Users\Voigt\Desktop\League_of_Legends_LOGO.jpg
[2012.07.14 22:38:51 | 344,989,520 | ---- | C] () -- C:\Users\Voigt\Desktop\ts3_recording_12_07_14_22_38_44.wav
[2012.07.12 17:30:45 | 000,003,072 | ---- | C] () -- C:\Users\Voigt\AppData\Local\file__0.localstorage
[2012.07.11 15:46:51 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.06.28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.06.20 15:08:18 | 000,000,219 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.06.20 15:08:18 | 000,000,084 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.06.20 15:08:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.06.20 15:08:11 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.06.20 15:08:11 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.06.14 23:37:11 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012.05.21 16:22:29 | 000,007,608 | ---- | C] () -- C:\Users\Voigt\AppData\Local\Resmon.ResmonCfg
[2012.05.18 15:31:56 | 000,000,262 | ---- | C] () -- C:\Windows\game.ini
[2012.05.17 15:14:42 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.17 15:14:42 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.17 15:14:42 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.17 14:27:12 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.05.15 23:04:01 | 000,004,439 | ---- | C] () -- C:\Windows\jhbqq32.ini
[2012.05.15 23:04:01 | 000,001,442 | ---- | C] () -- C:\Windows\cxpcqs-h48.ini
[2012.05.08 21:14:34 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.08 21:14:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.08 20:02:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.08 19:14:34 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.08 18:12:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.08 18:12:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.05.08 18:05:49 | 000,057,494 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.08 18:04:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.05.08 18:04:29 | 000,040,555 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll

========== LOP Check ==========
[2012.05.11 19:04:29 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\.minecraft
[2012.05.31 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\aacs
[2012.05.08 19:04:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2012.05.13 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ashampoo
[2012.07.27 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\BANDISOFT
[2012.06.04 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Cinspiration
[2012.05.08 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\DAEMON Tools Lite
[2012.07.23 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Downloaded Installations
[2012.08.04 19:05:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Dropbox
[2012.07.22 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\IrfanView
[2012.05.08 18:30:32 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\jeak.de
[2012.07.10 23:56:35 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Kalypso Media
[2012.05.08 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient
[2012.05.24 18:13:06 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\LolClient2
[2012.08.04 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Nitro PDF
[2012.06.25 20:29:16 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Notepad++
[2012.05.08 18:05:07 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Opera
[2012.05.08 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Origin
[2012.05.08 21:13:59 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\QuickStoresToolbar
[2012.06.13 20:30:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Radmin
[2012.06.20 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\RapidShare
[2012.07.11 00:53:39 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Red Alert 3
[2012.05.13 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\ScummVM
[2012.06.19 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-updater
[2012.06.13 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\six-zsync
[2012.06.20 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Spirited Machine
[2012.05.08 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\SplitMediaLabs
[2012.06.13 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TeamViewer
[2012.05.09 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\The Creative Assembly
[2012.07.13 17:15:56 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Trine2
[2012.08.02 02:48:33 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\tropico 4
[2012.06.13 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TrueCrypt
[2012.07.23 22:16:22 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\TS3Client
[2012.05.17 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Tunngle
[2012.07.13 22:33:44 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\Ubisoft
[2012.08.03 20:04:41 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\uTorrent
[2012.07.22 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Voigt\AppData\Roaming\xsecva
[2012.07.06 11:38:56 | 000,000,000 | ---D | M] -- C:\Users\WG\AppData\Roaming\Opera
[2012.07.24 18:50:59 | 000,000,000 | ---D | M] -- C:\Users\WG\AppData\Roaming\tropico 4
[2012.08.04 19:10:33 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\QIPdater 2012.job
[2012.06.30 16:47:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
OTL Extras logfile created on: 04.08.2012 19:30:44 - Run 4
OTL by OldTimer - Version Folder = C:\Users\Voigt\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 12,98 Gb Available Physical Memory | 81,32% Memory free
31,91 Gb Paging File | 29,24 Gb Available in Paging File | 91,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 476,84 Gb Total Space | 103,94 Gb Free Space | 21,80% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 164,07 Gb Free Space | 17,61% Space Free | Partition Type: NTFS

Computer Name: VOIGTPC | User Name: Voigt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 1 "AntiVirusDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit) "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 304.79 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F9B292AE-1BA8-481B-9C09-1C5CABFB0E4C}" = Nitro Reader 2 "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "ArchiCrypt Ultimate RAM-Disk3_is1" = ArchiCrypt Ultimate RAM-Disk 3 Version "JosipMedved_MagiWOL_is1" = MagiWOL 3.30 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0 "Unlocker" = Unlocker 1.9.1-x64 "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition "{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FA5F0A-04B3-4343-AA3E-C8BA6C3BADA6}" = RapidDrive "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot™ 3 "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX 
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018302}" = LOST PLANET 2 "{43430808-081A-4C0D-B7CC-601000018303}" = LOST PLANET 2 "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3 "{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7302BD5B-B67D-4144-AA59-C60520C5FDC6}" = Six Updater "{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2 "{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold "{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™ "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 "{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}" = Unreal "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF364116-6A2F-43E6-9D12-901ACC3CDC00}" = ArmA II Launcher "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B931991C-FA2F-4B73-8F48-43C20B7581DE}" = QIP 2012 7058 Jeak-Edition "{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1100000-0011-0000-0001-074957833700}" = ABBYY FineReader 11 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "6103-4188-8184-5707" = RapidShare Manager 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.00 "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "ASIO4ALL" = ASIO4ALL "Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01 "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Civilization.V.GOTY.incl.Gods.and.Kings_is1" = 
Civilization.V.GOTY.incl.Gods.and.Kings "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11 "Counter-Strike 1.6 V35" = Counter-Strike 1.6 V35 "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "DokanLibrary" = Dokan Library 0.6.0 "EasyBCD" = EasyBCD 2.1 "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "IrfanView" = IrfanView (remove only) "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.60.1185" = Opera 11.60 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QIP 2012 7058 Jeak-Edition 4.0.7058" = QIP 2012 7058 Jeak-Edition "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "ScummVM_is1" = ScummVM 1.4.1 "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri "Steam App 10" = Counter-Strike "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes "Steam App 107100" = Bastion "Steam App 113200" = The Binding of Isaac "Steam App 203770" = Crusader Kings II "Steam App 208140" = Endless Space "Steam App 33460" = From Dust "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 35720" = Trine 2 "Steam App 43110" = Metro 2033 "Steam App 4700" = Medieval II: Total War "Steam App 4780" = Medieval II: Total War Kingdoms "Steam App 48000" = LIMBO "Steam App 57690" = Tropico 4 "Steam App 70400" = Recettear: An Item Shop's Tale "Steam App 80" = 
Counter-Strike: Condition Zero "Steam App 8980" = Borderlands "Steam App 9180" = Commander Keen Complete Pack "Steam App 98400" = Hard Reset "TeamViewer 7" = TeamViewer 7 "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "TenomichiStreamer" = StreamMyGame software "TigerGame XBOX+PS2+GC Game Controller Adapter_is1" = TigerGame XBOX+PS2+GC Game Controller Adapter "TrueCrypt" = TrueCrypt "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-435027588-1902165278-2241592477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Live Security Platinum" = Live Security Platinum "Tropico 4" = Tropico 4 1.00 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.08.2012 08:07:09 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 02.08.2012 10:38:25 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 10:14:11 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 13:34:53 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2012 10:27:53 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2012 10:45:32 | Computer Name = VoigtPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000300fa ID des fehlerhaften Prozesses: 0x858 Startzeit der fehlerhaften Anwendung: 0x01cd724fcbf16905 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0a0f64a7-de43-11e1-a2df-c86000c152e4 Error - 04.08.2012 10:49:50 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 
04.08.2012 13:06:23 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2012 13:07:35 | Computer Name = VoigtPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000300fa ID des fehlerhaften Prozesses: 0xd84 Startzeit der fehlerhaften Anwendung: 0x01cd7263a3eeae2d Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\regsvr32.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e29786b8-de56-11e1-96cf-c86000c152e4 Error - 04.08.2012 13:14:44 | Computer Name = VoigtPC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 04.08.2012 13:12:53 | Computer Name = VoigtPC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?08.?2012 um 19:10:33 unerwartet heruntergefahren. Error - 04.08.2012 13:12:53 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 13:12:53 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 04.08.2012 13:12:53 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 04.08.2012 13:12:53 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 04.08.2012 13:12:54 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 13:12:53 | Computer Name = VoigtPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ACMoFlex64RD3 discache spldr sptd truecrypt Wanarpv6 Error - 04.08.2012 13:13:00 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 13:13:01 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = Error - 04.08.2012 13:13:01 | Computer Name = VoigtPC | Source = DCOM | ID = 10005 Description = < End of report >
Edit: OK, you already answered before my post was finished. Yes, I was already thinking of setting the PC up fresh, but I have to go out for a bit first. So, the PC has been reinstalled. There are just two problems, and I have no idea where they come from. First, when I install graphics drivers (no matter whether the latest WHQL or beta), the screen stays black at the next Windows start, after the Windows boot logo. When I then boot into Safe Mode, it takes extremely long, about 1 s per DLL; before, it went through in one go. At the moment I have no graphics driver installed. I have also already tried a second reinstall, without success. Oh, and I do online banking, but I already have that chip card reader.
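The OTL Extras log above shows FirewallDisableNotify, AntiVirusDisableNotify and UpdatesDisableNotify together with AntiVirusOverride and FirewallOverride set to 1 in the unprefixed Security Center key, while the same names under the 64bit: key are 0. Setting these values silences the Action Center warnings about a disabled firewall, missing antivirus or missing updates, which is why rogue security software and lockscreen trojans flip them. The Python script below is an added example for this thread, not code from the thread or from OTL: it parses the Security Center and System Restore sections of an OTL Extras log and flags every such value that is non-zero (DisableSR included, which this log shows as 0). The sample log embedded in it is constructed from the values above, written out one value per line as OTL prints them; that unprefixed keys are the WOW6432Node view and 64bit:-prefixed keys the native view is an assumption about OTL's output convention.

```python
"""Flag tampered Security Center / System Restore values in an OTL Extras log.

Added example, not OTL's own code. Assumption: OTL is a 32-bit tool, so keys
without a "64bit:" prefix come from the WOW6432Node view and prefixed keys
from the native 64-bit view.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample input: the values from the Extras log posted above, laid
# out the way OTL prints them (one key header, then one value per line).
SAMPLE_LOG = r"""
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^(64bit: )?\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')

# Values a legitimate installer practically never sets to 1; malware sets them
# to suppress the Action Center warnings.
SECURITY_CENTER_FLAGS = {
    "FirewallDisableNotify", "AntiVirusDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride",
}


class Finding(NamedTuple):
    section: str
    view: str   # "64-bit view" or "32-bit view (WOW6432Node)"
    key: str
    name: str
    value: int


Key = Tuple[str, str, str]  # (section, view, registry key path)


def parse_otl_extras(text: str) -> Dict[Key, Dict[str, int]]:
    """Group numeric registry values by (section, view, key); other data is skipped."""
    parsed: Dict[Key, Dict[str, int]] = {}
    section, current = "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, current = m.group(1), None
        elif m := KEY_RE.match(line):
            view = "64-bit view" if m.group(1) else "32-bit view (WOW6432Node)"
            current = (section, view, m.group(2))
            parsed.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            name, data = m.group(1), m.group(2)
            if data.isdigit():          # binary blobs and strings are ignored
                parsed[current][name] = int(data)
    return parsed


def find_tampering(parsed: Dict[Key, Dict[str, int]]) -> List[Finding]:
    """Return every Security Center flag or DisableSR that is non-zero, in log order."""
    findings: List[Finding] = []
    for (section, view, key), values in parsed.items():
        is_sc = key.endswith("Security Center") or key.endswith(r"Security Center\Svc")
        for name, value in values.items():
            is_sr = key.endswith("SystemRestore") and name == "DisableSR"
            if value != 0 and ((is_sc and name in SECURITY_CENTER_FLAGS) or is_sr):
                findings.append(Finding(section, view, key, name, value))
    return findings


def audit(text: str) -> List[Finding]:
    """Parse an OTL Extras log and list the tampered values (empty on a clean box)."""
    return find_tampering(parse_otl_extras(text))


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.section}] {f.view}: {f.key}\\{f.name} = {f.value}")
```

On a saved Extras.Txt call `audit(open(path, encoding="utf-8", errors="replace").read())`; after a reinstall an empty result is a quick confirmation that none of these settings were carried over, and a DisableSR of 1 would mean System Restore had been switched off as well.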
#5
GVU Trojaner: Am I actually too stupid to find an edit button, or isn't there one here? In any case, the computer has been reinstalled and I have also found the solution to one of my problems. (The TV is connected as a second screen via an HDMI cable; it was taken as the primary display, and so my second monitor stayed black.) The second problem, that the .dll and .sys files load very slowly when I boot into Safe Mode, remains. And on certain websites it sometimes stutters a bit (when scrolling, for example), or Twitter no longer opens a post so that you can view twitpics and replies to the tweet. That may just be down to the current Opera version, but I would like to be sure that there isn't another trojan hiding in the backups that Malwarebytes Anti-Malware did not find. So I would like to request another log evaluation. I assume OTL again, but I'd rather wait for instructions.
#6
/// Malware-holic
GVU Trojaner: Hi, sorry for the wait. Did you format exactly according to the instructions, i.e. were all the old data deleted?
#7
GVU Trojaner: OK, I already thought you had forgotten me. Well, there wasn't much in the instructions: I simply inserted my Windows 7 DVD, booted from it, went into Setup, completely wiped my SSD, and installed Windows 7 fresh into the unpartitioned space. The SSD is the only disk in the PC; apart from that I only have an external hard drive, and that is where I backed up my data.
#8
GVU Trojaner: Is anything else coming? Or are there problems again? In any case, the browser and Twitter issue has resolved itself; all that's left is Safe Mode, where the .dll files load so slowly at startup.
#9
/// Malware-holic
GVU Trojaner: Try formatting once more. Are there perhaps drivers for the SSD? Mainboard drivers installed?