| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie entferne ich den Skype Virus ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.10.2012, 01:24
| #1 |
| |  Wie entferne ich den Skype Virus ? Guten Abend Community , Ich habe ein richtig großes Problem . Ich habe von einem Freund eine Nachricht mit diesem Satz und Link gesendet bekommen : -------------------------------- !!!!NICHT DRAUF KLICKEN !!!! --------------------------------- moin, kaum zu glauben was für schöne fotos von dir auf deinem profil? editiert --------------------------------- !!!!NICHT DRAUF KLICKEN !!!! --------------------------------- Auf jedenfall habe ich dann da drauf geklickt und Zack hat sich was heruntergeladen . Dann hatte ich eine .exe Datei auf dem Desktop . Ich wollte die Löschen , aber dann hat die sich aufeinmal geöffnet als ich sie im Papierkorb geschmissen habe . Meine Maus ging dann für ca. 3 min nicht mehr . Und der Link vom Virus hat sich dann an alle meine Freunde weiter geschickt . Somit habe auch ein paar Freunde von mir den Virus , weil die da draufgeklickt haben und dann geöffnet haben . Auf jedenfall habe ich dann meinen Taskmananger geöffnet und bei Prozessen nach etwas aufälliges gesucht . Und dann ist mir eine .exe mit diesem Namen ins Auge gefallen "1195" . Ich habe den Prozess dann beendet , und dann ging meine Maus wieder für ca. 3 min nicht. Dann 2 min später war wieder eine neue .exe da , Dieses mal mit diesem Namen "9C48" . Den habe ich dann auch beendet . Aber nichts ist passiert alles ist normal weiter gelaufen . Einige Minuten später , wurde der Link dann wieder an allen meinen Freunden geschickt . Nur dieses mal ist meine Maus wieder stehen geblieben und Skype hat sich geschlossen , aber ich war trotzdem noch in der Skypekonfi drin , und konnte auch noch mit meinen Freunden reden und die auch noch hören . Als ich dann in Skype von meinen Freunden angeschrieben wurde ,obwohl es immer noch geschlossen war . Habe ich versucht Skype wieder zu öffnen . Es wollte sich aber nicht mehr öffnen lassen . Ich habe dann meinen Pc heruntergefahren und wieder angeschaltet . Beim hochfahren hatte er schon echt Probleme . Und für ca, 1 Sekunde sah es so aus als ob mein Bildschirm kaputt war , Weil überall schwarz weiße Striche waren . Als der Pc dann endlich hochgefahren war . habe ich sofort wieder meinen Taskmanager geöffnet und dann sah ich für kurze Zeit eine .exe Namens krijng oder so (weiß ich nicht mehr so genau) Aber seit dem die .exe verschwunden ist . läuft wieder alles . Nur mein Computer ist extreme langsamer geworden und steht in der Skypekonfi manchmal kurz vor dem abstürzen . Und ich habe herausgefunden , dass sich der Virus immer wieder verändert . Ich hoffe ich habe es ausreichend beschrieben . Hoffe ihr könnt mir helfen . Grüße Desty Geändert von schrauber (28.10.2012 um 06:50 Uhr) |
|
28.10.2012, 06:44
| #2 | ||
| /// Helfer-Team    |  Wie entferne ich den Skype Virus ? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
2. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! Zitat:
__________________ |
|
28.10.2012, 11:31
| #3 |
| | Wie entferne ich den Skype Virus ? Hier sind die Logfiles von Malwarebytes :
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.27.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 DestyLP :: TOBIAS [Administrator] 28.10.2012 02:18:29 mbam-log-2012-10-28 (02-18-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 447441 Laufzeit: 1 Stunde(n), 30 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\System Volume Information\_restore{8566796C-5DC5-47C9-BD29-4BD6192609BA}\RP140\A0049161.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\System Volume Information\_restore{8566796C-5DC5-47C9-BD29-4BD6192609BA}\RP140\A0049164.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\DestyLP\AppData\Roaming\1195.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\DestyLP\AppData\Roaming\9C48.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. c:\users\destylp\desktop\lets play league of legends #4 \tobias\anwendungsdaten\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 28.10.2012 11:36:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DestyLP\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 54,22% Memory free 7,00 Gb Paging File | 5,23 Gb Available in Paging File | 74,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 242,06 Gb Free Space | 51,97% Space Free | Partition Type: NTFS Computer Name: TOBIAS | User Name: DestyLP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\DestyLP\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\SRWare Iron\iron.exe (SRWare) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.) PRC - C:\Gaming Mouse\Gaming 3.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Programme\SRWare Iron\libEGL.dll () MOD - C:\Programme\SRWare Iron\libGLESv2.dll () MOD - C:\Programme\SRWare Iron\avcodec-54.dll () MOD - C:\Programme\SRWare Iron\avformat-54.dll () MOD - C:\Programme\SRWare Iron\avutil-51.dll () MOD - C:\Gaming Mouse\Gaming 3.exe () ========== Services (SafeList) ========== SRV - (WinDefend) -- %ProgramFiles%\Windows Defender\mpsvc.dll File not found SRV - (gupdatem) -- File not found SRV - (gupdate) -- File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (xsherlock) -- C:\Windows\System32\xsherlock.xem (Wellbia.com Co., Ltd.) SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (xhunter1) -- C:\Windows\xhunter1.sys File not found DRV - (vtany) -- C:\Windows\vtany.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found DRV - (mauti) -- C:\Windows\System32\drivers\fcakh.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (DFX11_1) -- C:\Windows\System32\drivers\dfx11_1.sys (Windows (R) Win 7 DDK provider) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.) DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.) DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC) DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC) DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.) DRV - (wod0205) -- C:\Windows\System32\drivers\wod0205.sys (WeOnlyDo Software) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (XENfiltv) -- C:\Windows\System32\drivers\XENfiltv.sys (Creative Technology Ltd.) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 2A 5E 4D 2B 73 CD 01 [binary data] IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112463&tt=120912_cpc_3812_4&babsrc=SP_ss&mntrId=fc3ed28d0000000000005404a69d717c IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\DestyLP\AppData\LocalLow\Sony Online Entertainment\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DestyLP\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DestyLP\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2012.09.22 22:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DestyLP\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DestyLP\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\DestyLP\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DestyLP\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\DestyLP\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: SOE Web Installer (Enabled) = C:\Users\DestyLP\AppData\LocalLow\Sony Online Entertainment\npsoe.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\DestyLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\ CHR - Extension: Chrome YouTube Downloader = C:\Users\DestyLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.11_0\ CHR - Extension: AdBlock = C:\Users\DestyLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Gaming 3] C:\Gaming Mouse\Gaming 3.exe () O4 - HKCU..\Run: [Rekskj] C:\Users\DestyLP\AppData\Roaming\Rekskj.exe (www.ABBYY.ru) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DestyLP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DD8C69D-2591-4AF3-B30D-EB585BCBF6E8}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3d2237b3-c83a-11e1-a49b-5404a69d717c}\Shell - "" = AutoRun O33 - MountPoints2\{3d2237b3-c83a-11e1-a49b-5404a69d717c}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{79168113-04a6-11e2-b5c5-5404a69d717c}\Shell - "" = AutoRun O33 - MountPoints2\{79168113-04a6-11e2-b5c5-5404a69d717c}\Shell\AutoRun\command - "" = F:\INSTALL.EXE O33 - MountPoints2\{aad234f9-1aac-11e2-a978-5404a69d717c}\Shell - "" = AutoRun O33 - MountPoints2\{aad234f9-1aac-11e2-a978-5404a69d717c}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{ce41d082-cdf3-11e1-9f52-5404a69d717c}\Shell - "" = AutoRun O33 - MountPoints2\{ce41d082-cdf3-11e1-9f52-5404a69d717c}\Shell\AutoRun\command - "" = E:\CitiesXL2011.exe O33 - MountPoints2\{cfb02202-1486-11e2-bdb2-5404a69d717c}\Shell - "" = AutoRun O33 - MountPoints2\{cfb02202-1486-11e2-bdb2-5404a69d717c}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 11:31:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DestyLP\Desktop\OTL.exe [2012.10.28 01:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.28 01:48:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.28 01:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.27 21:17:36 | 000,164,864 | ---- | C] (www.ABBYY.ru) -- C:\Users\DestyLP\AppData\Roaming\Rekskj.exe [2012.10.26 10:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes [2012.10.26 10:57:49 | 000,000,000 | ---D | C] -- C:\Games [2012.10.24 20:27:17 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\SplitMediaLabs [2012.10.24 15:55:03 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\NFS Part 7 [2012.10.24 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\NFS Part 6 [2012.10.24 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\NFS Part 5 [2012.10.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\NFS Part 4 [2012.10.24 14:45:51 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\NFS Part 3 [2012.10.24 14:45:32 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\NFS Part 2 [2012.10.24 14:44:57 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\NFS Part 1 [2012.10.24 10:52:25 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2012.10.24 10:52:25 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2012.10.24 10:52:25 | 010,837,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2012.10.24 10:52:25 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2012.10.24 10:52:25 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll [2012.10.24 10:52:25 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2012.10.24 10:52:25 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2012.10.22 21:08:51 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Documents\NFS Most Wanted [2012.10.22 21:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2012.10.22 13:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2012.10.22 13:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012.10.20 23:02:19 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Avira [2012.10.20 22:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.20 22:59:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.20 22:59:31 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.20 22:59:31 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.20 22:59:31 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.20 22:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.20 22:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.20 22:37:41 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Leadertech [2012.10.20 22:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games [2012.10.20 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2012.10.20 19:57:58 | 000,000,000 | R--D | C] -- C:\Users\DestyLP\Saved Games [2012.10.20 19:56:52 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru [2012.10.20 18:55:21 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\Mail.Ru [2012.10.19 17:17:03 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\pokerth [2012.10.19 13:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA [2012.10.18 00:05:49 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\ElevatedDiagnostics [2012.10.17 18:12:21 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\Roblox [2012.10.17 18:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Roblox [2012.10.17 18:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Roblox [2012.10.17 10:31:50 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\CrashDumps [2012.10.16 19:21:55 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\TechSmith [2012.10.16 19:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2012.10.16 15:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy [2012.10.16 01:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aladdin Shared [2012.10.15 23:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.10.15 23:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.10.15 23:35:01 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..ZZZ....Z..Z [2012.10.15 22:26:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.10.15 22:26:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.10.15 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.15 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.15 22:25:11 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner [2012.10.15 22:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner [2012.10.15 22:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner [2012.10.15 22:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012.10.15 11:04:11 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\.swt [2012.10.15 11:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.10.15 11:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.10.15 10:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN [2012.10.14 22:50:41 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\theHunter [2012.10.14 22:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter [2012.10.14 22:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge [2012.10.13 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\FalloutNV [2012.10.12 22:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2012.10.12 22:21:03 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\SystemRequirementsLab [2012.10.11 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\Criterion Games [2012.10.11 16:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.10.10 23:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark [2012.10.10 10:33:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 10:32:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 10:32:51 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 10:32:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 10:32:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 10:32:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 10:32:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 10:32:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 10:32:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 10:32:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 10:32:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 10:32:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 10:32:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 10:32:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 10:32:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 10:32:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 10:32:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 10:32:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 10:32:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 10:32:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 10:32:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 10:32:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 10:32:08 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.10 10:32:07 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.09 21:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dotjosh Studios [2012.10.08 17:59:47 | 000,666,720 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem [2012.10.07 21:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.10.07 20:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.10.07 20:36:05 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2012.10.07 20:36:05 | 000,000,000 | ---D | C] -- C:\Fraps [2012.10.07 14:17:06 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Desktop\TRAILER [2012.10.07 13:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron [2012.10.07 13:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron [2012.10.07 10:10:48 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Apple Computer [2012.10.06 20:29:25 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\Documents\CyberLink [2012.10.06 20:24:33 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\CyberLink [2012.10.06 20:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.10.06 20:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.10.06 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.10.06 19:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.10.06 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\Apple [2012.10.06 19:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.10.06 19:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.10.06 19:58:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11 [2012.10.06 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink [2012.10.06 19:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.10.06 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2012.10.06 19:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2012.10.05 23:52:56 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [2012.10.05 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2 [2012.10.05 23:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [2012.10.05 23:52:26 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm [2012.10.05 23:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line [2012.10.04 20:19:04 | 000,000,000 | R--D | C] -- C:\Users\DestyLP\Dropbox [2012.10.04 20:17:20 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.10.04 16:13:15 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files [2012.10.04 16:13:07 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Creative [2012.10.04 16:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared [2012.10.04 15:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity [2012.10.03 14:09:22 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\.techniclauncher [2012.10.03 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\DestyLP\Searches [2012.10.02 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\.MCReferenceSdk [2012.10.02 15:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Geevs [2012.10.02 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\SafeNet Sentinel [2012.10.02 15:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel [2012.10.02 15:32:36 | 004,941,768 | ---- | C] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe [2012.10.02 15:32:36 | 004,941,768 | ---- | C] (SafeNet Inc.) -- C:\Windows\System32\aksllmtp.exe [2012.10.02 15:32:35 | 000,362,496 | ---- | C] (SafeNet Inc.) -- C:\Windows\System32\drivers\aksfridge.sys [2012.10.02 15:32:14 | 000,596,424 | ---- | C] (SafeNet Inc.) -- C:\Windows\System32\drivers\hardlock.sys [2012.10.02 15:32:14 | 000,198,088 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hlvdd.dll [2012.10.02 12:15:52 | 000,430,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe [2012.09.30 19:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DFX [2012.09.30 19:53:58 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\DFX [2012.09.30 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\vlc [2012.09.30 15:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonSG [2012.09.30 15:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2012.09.30 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\DivX [2012.09.30 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\CSO [2012.09.30 14:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IAHGames [2012.09.30 11:46:32 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\.minecraft [2012.09.30 11:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.30 11:46:00 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.30 11:45:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.30 11:45:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.30 11:45:51 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.28 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Local\Solid State Networks [2012.09.28 12:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\MeteorEntertainment [2012.09.28 12:04:30 | 000,000,000 | ---D | C] -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.28 11:31:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DestyLP\Desktop\OTL.exe [2012.10.28 11:19:39 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fcakh.sys [2012.10.28 11:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.28 11:03:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292461301-4129022640-1996398036-1000UA.job [2012.10.28 11:01:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.28 01:49:04 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.28 00:55:37 | 000,199,353 | ---- | M] () -- C:\Users\DestyLP\Desktop\Skype_Virus.png [2012.10.27 21:38:49 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 21:38:49 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 21:37:46 | 000,707,472 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.27 21:37:46 | 000,661,090 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.27 21:37:46 | 000,153,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.27 21:37:46 | 000,125,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.27 21:30:50 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.27 21:30:50 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{A69F001A-D6D0-484E-8C81-EAB647AB352D}.job [2012.10.27 21:30:29 | 2817,875,968 | -HS- | M] () -- C:\hiberfil.sys [2012.10.27 21:17:36 | 000,164,864 | ---- | M] (www.ABBYY.ru) -- C:\Users\DestyLP\AppData\Roaming\Rekskj.exe [2012.10.27 15:03:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292461301-4129022640-1996398036-1000Core.job [2012.10.26 10:57:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2012.10.25 19:33:31 | 051,373,632 | ---- | M] () -- C:\Users\DestyLP\Desktop\Produce_0.m2ts [2012.10.25 18:05:53 | 011,657,640 | ---- | M] () -- C:\Users\DestyLP\Desktop\IMGP1297.AVI [2012.10.25 15:11:17 | 000,001,390 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk [2012.10.25 13:09:08 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.25 13:09:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.22 21:06:40 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2012.10.22 13:55:15 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.10.22 13:42:03 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2012.10.22 13:41:41 | 000,001,946 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg [2012.10.22 13:20:01 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk [2012.10.20 23:35:04 | 000,001,019 | ---- | M] () -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.10.20 22:59:44 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.19 17:30:22 | 000,005,632 | ---- | M] () -- C:\Users\DestyLP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.16 01:36:15 | 003,680,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.16 00:00:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.10.15 22:26:46 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.15 22:25:11 | 000,001,055 | ---- | M] () -- C:\Users\DestyLP\Desktop\Eusing Free Registry Cleaner.lnk [2012.10.14 23:04:01 | 000,011,866 | ---- | M] () -- C:\Users\DestyLP\AppData\Roaming\TheHunterSettings_live.bin [2012.10.14 22:01:26 | 000,139,152 | ---- | M] () -- C:\Users\DestyLP\AppData\Roaming\PnkBstrK.sys [2012.10.12 22:15:11 | 000,000,080 | ---- | M] () -- C:\Users\DestyLP\AppData\Local\X-Plane Installer.prf [2012.10.12 22:12:33 | 000,000,015 | ---- | M] () -- C:\Users\DestyLP\AppData\Local\X-Plane_drm.prf [2012.10.11 09:05:39 | 000,002,467 | ---- | M] () -- C:\Users\DestyLP\Desktop\Google Chrome.lnk [2012.10.10 00:41:06 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl [2012.10.08 17:59:47 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem [2012.10.07 20:36:05 | 000,000,578 | ---- | M] () -- C:\Users\DestyLP\Desktop\Fraps.lnk [2012.10.07 13:16:57 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\SRWare Iron.lnk [2012.10.06 20:00:36 | 000,001,827 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.10.04 20:19:04 | 000,001,009 | ---- | M] () -- C:\Users\DestyLP\Desktop\Dropbox.lnk [2012.10.04 16:08:50 | 000,000,304 | RH-- | M] () -- C:\Windows\ctfile.rfc [2012.10.04 16:08:19 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2012.10.04 16:08:19 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2012.10.04 15:58:33 | 000,000,975 | ---- | M] () -- C:\Users\DestyLP\Desktop\Audacity.lnk [2012.10.02 23:20:00 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2012.10.02 23:20:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2012.10.02 23:20:00 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2012.10.02 23:20:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2012.10.02 23:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2012.10.02 23:20:00 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2012.10.02 23:20:00 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll [2012.10.02 23:20:00 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2012.10.02 23:20:00 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2012.10.02 23:20:00 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2012.10.02 23:20:00 | 001,009,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll [2012.10.02 23:20:00 | 000,888,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll [2012.10.02 23:20:00 | 000,012,865 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2012.10.02 20:29:41 | 002,557,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2012.10.02 20:29:41 | 000,108,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2012.10.02 20:29:41 | 000,062,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll [2012.10.02 20:29:22 | 002,853,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2012.10.02 20:28:53 | 003,965,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2012.10.02 12:15:52 | 000,430,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe [2012.10.01 16:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.30 11:45:40 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.09.30 11:45:40 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.09.30 11:45:40 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.30 11:45:40 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.30 11:45:40 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.30 11:45:40 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.30 11:43:08 | 000,263,186 | ---- | M] () -- C:\Users\DestyLP\Desktop\Minecraft.exe [2012.09.29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.28 22:44:31 | 000,002,438 | ---- | M] () -- C:\Users\DestyLP\Desktop\Hawken.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.28 11:19:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fcakh.sys [2012.10.28 01:49:04 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.28 00:55:34 | 000,199,353 | ---- | C] () -- C:\Users\DestyLP\Desktop\Skype_Virus.png [2012.10.26 10:57:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2012.10.25 19:22:50 | 051,373,632 | ---- | C] () -- C:\Users\DestyLP\Desktop\Produce_0.m2ts [2012.10.25 18:03:01 | 011,657,640 | ---- | C] () -- C:\Users\DestyLP\Desktop\IMGP1297.AVI [2012.10.22 21:06:40 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2012.10.22 13:55:56 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.10.22 13:55:15 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.10.22 13:47:05 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.10.22 13:42:03 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2012.10.22 13:20:01 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk [2012.10.20 23:35:04 | 000,001,019 | ---- | C] () -- C:\Users\DestyLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.10.20 22:59:44 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.16 01:34:32 | 003,680,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.15 22:26:46 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.15 22:25:11 | 000,001,055 | ---- | C] () -- C:\Users\DestyLP\Desktop\Eusing Free Registry Cleaner.lnk [2012.10.14 22:51:40 | 000,011,866 | ---- | C] () -- C:\Users\DestyLP\AppData\Roaming\TheHunterSettings_live.bin [2012.10.14 22:01:26 | 000,139,152 | ---- | C] () -- C:\Users\DestyLP\AppData\Roaming\PnkBstrK.sys [2012.10.12 22:12:33 | 000,000,015 | ---- | C] () -- C:\Users\DestyLP\AppData\Local\X-Plane_drm.prf [2012.10.12 22:10:32 | 000,000,080 | ---- | C] () -- C:\Users\DestyLP\AppData\Local\X-Plane Installer.prf [2012.10.11 16:21:00 | 000,001,946 | ---- | C] () -- C:\Windows\System32\ealregsnapshot1.reg [2012.10.10 00:41:06 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl [2012.10.09 21:47:58 | 000,001,390 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk [2012.10.07 20:36:05 | 000,000,578 | ---- | C] () -- C:\Users\DestyLP\Desktop\Fraps.lnk [2012.10.07 13:16:57 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\SRWare Iron.lnk [2012.10.06 20:00:36 | 000,001,827 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.10.06 19:58:52 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.10.04 20:19:04 | 000,001,009 | ---- | C] () -- C:\Users\DestyLP\Desktop\Dropbox.lnk [2012.10.04 15:58:33 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2012.10.04 15:58:33 | 000,000,975 | ---- | C] () -- C:\Users\DestyLP\Desktop\Audacity.lnk [2012.09.30 11:43:07 | 000,263,186 | ---- | C] () -- C:\Users\DestyLP\Desktop\Minecraft.exe [2012.09.28 22:44:31 | 000,002,438 | ---- | C] () -- C:\Users\DestyLP\Desktop\Hawken.lnk [2012.09.08 10:42:58 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini [2012.09.08 10:42:58 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini [2012.08.27 17:13:03 | 000,877,747 | ---- | C] () -- C:\Users\DestyLP\AppData\Local\Tempmusic.ogg [2012.08.20 23:02:24 | 000,004,266 | ---- | C] () -- C:\Windows\System32\wbers.dat [2012.07.22 18:24:58 | 000,000,095 | ---- | C] () -- C:\Users\DestyLP\AppData\Local\fusioncache.dat [2012.07.13 15:18:04 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.07.05 15:24:40 | 000,032,434 | ---- | C] () -- C:\Windows\System32\xfiXen.ini [2012.07.05 15:24:29 | 000,186,880 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2012.07.05 15:24:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2012.07.02 16:47:41 | 000,000,066 | ---- | C] () -- C:\Windows\System32\MASHTWTY.SYS [2012.06.28 21:14:57 | 000,005,632 | ---- | C] () -- C:\Users\DestyLP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll [2011.05.30 14:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll ========== ZeroAccess Check ========== [2012.09.05 11:57:52 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.18 20:19:41 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\.minecraft [2012.10.04 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\.techniclauncher [2012.09.07 23:26:49 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\Artweaver Free [2012.10.28 00:52:44 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\Audacity [2012.09.22 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\Babylon [2012.09.23 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.10.27 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\Dropbox [2012.09.16 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\GlarySoft [2012.10.06 00:13:46 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\IrfanView [2012.10.20 22:37:41 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\Leadertech [2012.09.05 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\LolClient [2012.09.23 17:33:31 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\MAXON [2012.10.15 23:35:01 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\Notepad++ [2012.10.23 14:49:06 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\Origin [2012.10.19 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\pokerth [2012.09.22 22:42:02 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\SendSpace [2012.09.24 18:08:27 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\six-zsync [2012.10.24 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\SplitMediaLabs [2012.10.16 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\TechSmith [2012.10.26 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\DestyLP\AppData\Roaming\wargaming.net ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 11:36:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DestyLP\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 54,22% Memory free
7,00 Gb Paging File | 5,23 Gb Available in Paging File | 74,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 242,06 Gb Free Space | 51,97% Space Free | Partition Type: NTFS
Computer Name: TOBIAS | User Name: DestyLP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\KOS\game_sting_pak\sting.exe" = C:\KOS\game_sting_pak\sting.exe:*:Enabled:½ºÆÿ¶óÀÎ
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9E4951DD-155A-4E92-83B2-F0F18490577B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{ADF83718-7099-42C5-88F3-384B43232B51}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F9967E-C183-4D09-955C-0D9FF1256623}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\c9\c9.exe |
"{09DACF41-A311-4B8A-B3E5-22B00977FB70}" = protocol=17 | dir=in | app=c:\program files\iahgames\counter-strike online\bin\nmservice.exe |
"{0BB728D2-0C90-4686-87A8-BBF6A479C0E5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{0DAEB6AE-D2D0-4E57-AF25-E0E07223565C}" = protocol=6 | dir=in | app=c:\users\destylp\appdata\roaming\dropbox\bin\dropbox.exe |
"{0DE233D8-D43E-4123-B176-871BD88FCB28}" = protocol=17 | dir=in | app=c:\users\destylp\desktop\x-plane 10-demo\x-plane.exe |
"{0E7E5C81-4BE3-4056-89EA-CF69D780A3F7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1D64C0E1-83BC-4218-BD16-B05712479997}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1EBDCFCC-E999-42A1-AC91-525702AA5B1F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\c9\c9mappingaccount.exe |
"{23A4207D-1E8E-416B-8EC2-57B1F5709F82}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{23F6008C-EF01-47B9-A649-6626EF637B83}" = protocol=6 | dir=in | app=c:\program files\iahgames\counter-strike online\bin\cstrike-online.exe |
"{2829A9B3-29B3-453D-97AB-1E085B6A60EB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{28E7E187-1400-4CC8-8A8E-A22348A3DAE9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2D07E458-31E7-4186-B31D-F0E696FB4295}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\carrier command gaea mission demo\carrier_demo.exe |
"{2FE97459-ED7D-4F77-A14A-8928BF898906}" = protocol=17 | dir=in | app=c:\users\destylp\appdata\roaming\dropbox\bin\dropbox.exe |
"{3B55AB01-C935-49F3-B50A-3C11BFC444DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe |
"{415D4F67-3EA4-4062-A2E5-91235D66FF6E}" = protocol=17 | dir=in | app=c:\program files\lightworks\lightworks.exe |
"{4334EA52-E1EA-4C6E-873D-02EEC280A47D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{433BF021-9C8A-44B3-B2FF-14997460BD5B}" = protocol=17 | dir=in | app=c:\program files\lightworks\ntcardvt.exe |
"{4684A6C6-CC52-416E-88C0-1C37DEBD5BC7}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{468E86C4-6A37-44D5-A4D8-A5CD7A0FB3B4}" = protocol=17 | dir=in | app=c:\users\destylp\appdata\roaming\dropbox\bin\dropbox.exe |
"{4721B604-D947-4FBD-AE44-36C36561FD47}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\raceroom racing experience\rrrlauncher.exe |
"{54571F31-72E5-4952-91C6-81BC6814FEB7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{56ED124D-A9E9-4DC1-81D8-2794E7E5A7AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{584D0901-EAB6-4065-ACD9-5FEA2066321D}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{5967F152-70C2-46F8-A22F-AEB1EA06BC43}" = dir=in | app=c:\program files\cyberlink\powerdirector11\pdr10.exe |
"{5AFCC2A9-5ACB-4695-8F95-7FFA2B550B03}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{5B902CFD-461C-4019-8F1D-E00E13C92D22}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe |
"{5BBFA917-0B20-462E-9967-41ECBC1DE571}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\carrier command gaea mission demo\carrier_demo.exe |
"{63C2F934-E195-4639-8312-7AA1C8841103}" = protocol=17 | dir=in | app=c:\users\destylp\appdata\roaming\spotify\spotify.exe |
"{700231EB-52A6-41EB-99B3-D47056A020CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{755A6536-B5C5-4BD5-8CB0-E8AB2320621F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{7C37A3AB-A707-4475-9A13-1DD954758B98}" = protocol=6 | dir=in | app=c:\users\destylp\appdata\roaming\spotify\spotify.exe |
"{7DCAC2A6-6CA4-4CBC-BE21-9A9BD80C3B4D}" = protocol=6 | dir=in | app=c:\users\destylp\appdata\roaming\spotify\spotify.exe |
"{81286811-4E66-4553-BFD4-3D0E18422618}" = protocol=17 | dir=in | app=c:\program files\paranormal\binaries\win32\udk.exe |
"{85704268-F622-4B6C-81B2-B8232BEA70C5}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{85722EE3-15BD-4D6B-867A-F26FB2781288}" = protocol=6 | dir=in | app=c:\users\destylp\appdata\roaming\dropbox\bin\dropbox.exe |
"{88736050-9105-446F-932B-64E0E0B8F7F4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8C851903-B1A0-40B9-9D35-56F5DBB76D5F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{8CA6E223-9B97-4892-95E5-C23E6D859E81}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{93D95A5E-4460-4431-ABCE-4A93F1AEB8E9}" = protocol=17 | dir=in | app=c:\users\destylp\appdata\roaming\spotify\spotify.exe |
"{99E325CC-83C5-44CE-8FA1-EE197F9EB6C5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\c9\c9mappingaccount.exe |
"{9D18A37E-332C-4DF0-8B5D-2356D9FF8E02}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9FBECACC-077B-4D5D-932B-709FFCB90D7B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{A1062A49-6F54-459E-B375-2B29AA78452E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{A202A9D7-2344-452B-8DB5-8B3CBAC8A266}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A500EE7C-272E-42A3-A632-312048F5C926}" = protocol=17 | dir=in | app=c:\program files\iahgames\counter-strike online\bin\cstrike-online.exe |
"{A65EDC21-53E3-4D56-94F0-3B37B9EDA145}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\c9\c9.exe |
"{A77D59C7-A06D-49B0-B275-DF35533322DB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AE5DF254-A80C-472B-9747-972D4D0392E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{AE8A64BF-235E-4C49-B490-72C5F16D4522}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{B18408BC-C51E-419F-BE7A-A7F85BBD7A66}" = protocol=6 | dir=in | app=c:\program files\lightworks\lightworks.exe |
"{B283258D-B65A-4865-830A-C56EB33FB6E0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{B56E7562-790F-4872-9295-F7CF2A2F24E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5C5166F-425B-41B3-8302-87DBC06171DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{C15CAA7B-8812-4E4D-857E-78F231CF3D76}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4E9436C-0120-443A-9366-CFD2FBC06E7E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C7090CF0-B0DD-4B11-AD0C-19C5B3518561}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CB597B66-C68D-40FE-BCD5-895A329FAA9E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{CCB9CE12-39FB-4FAE-973B-87698657F987}" = protocol=6 | dir=in | app=c:\program files\lightworks\ntcardvt.exe |
"{CD2FEB3E-77D3-46F8-9A55-6274A4C37585}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{CE2546CB-B02E-4843-BD8B-6377D3143041}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\raceroom racing experience\rrrlauncher.exe |
"{D37DE13B-99DA-4A37-8650-0355ED480214}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{DC09D0FA-97F1-471F-BABB-10B035BB1053}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{E1AEDA61-B466-4FD9-9A0A-2DBA7E9E8F19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{EB5985DE-D986-4B81-B209-DB73A4526C4C}" = protocol=6 | dir=in | app=c:\users\destylp\desktop\x-plane 10-demo\x-plane.exe |
"{EC4A41AD-D2C7-4E3D-B96B-1754555596E6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{ECA0792E-0472-4A49-91FA-B0CFA7C31BFF}" = protocol=6 | dir=in | app=c:\program files\iahgames\counter-strike online\bin\nmservice.exe |
"{EEA3B5EA-454E-4A45-9187-AF90B3335E6A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F64DD200-0937-480A-BB39-0644F7EE8E58}" = protocol=6 | dir=in | app=c:\program files\paranormal\binaries\win32\udk.exe |
"{FDC4FC7C-75C0-4551-9A8B-EA8198CA69D6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supercratebox\supercratebox.exe |
"{FF918F39-5BF5-44E8-94B1-B8794433B2AE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supercratebox\supercratebox.exe |
"TCP Query User{06F6B11C-2486-422C-9905-01D4645ABAED}C:\program files\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files\six networks\play withsix\tools\bin\rsync.exe |
"TCP Query User{1E7606A7-2260-4CE7-99C9-189E5EABB23E}C:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{262A5321-80AD-47C6-9B88-C85B0B45FF62}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{262F8CE0-8B8E-4E8D-BF6B-FD65BD831F5D}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{294521B7-7459-4F70-8D13-42F152CD5791}C:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=6 | dir=in | app=c:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"TCP Query User{3B8ED9F6-E5F6-426C-920D-A3F215D08DCF}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{53B9C101-26CA-4F8F-BA96-CCFC441EEDB2}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{55382A8D-DCCE-4A55-B99B-D1F7C67B1137}C:\program files\paranormal\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files\paranormal\binaries\win32\udk.exe |
"TCP Query User{74876F59-915B-4894-A966-D5BC5ECDD54F}C:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=6 | dir=in | app=c:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"TCP Query User{79518540-E959-4933-B98A-D79D583308E3}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{923B5F13-5333-4F1D-A9FF-AE3354B64C3A}C:\users\destylp\desktop\x-plane 10-demo\x-plane.exe" = protocol=6 | dir=in | app=c:\users\destylp\desktop\x-plane 10-demo\x-plane.exe |
"TCP Query User{A366F90D-CFA3-4B94-9C3C-FA0C98DAA864}C:\users\destylp\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\destylp\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{A4A0EEEE-D164-4721-BEF8-B39BD1FA46FD}C:\kos\game_sting_pak\sting.exe" = protocol=6 | dir=in | app=c:\kos\game_sting_pak\sting.exe |
"TCP Query User{E7CFA396-3E8E-433D-A6F7-E371E6CD25AA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{31F71079-2B67-4DB2-B816-D74C670E4278}C:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=17 | dir=in | app=c:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"UDP Query User{3309EF65-BDE6-4F3E-9AC8-1BF1B2D50EE0}C:\program files\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{7149476B-7B1D-47C5-8EA0-793579D23E22}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7A2A0D8D-B0DE-4163-82CB-AAF5E5D4B31D}C:\users\destylp\desktop\x-plane 10-demo\x-plane.exe" = protocol=17 | dir=in | app=c:\users\destylp\desktop\x-plane 10-demo\x-plane.exe |
"UDP Query User{8124C558-F892-48D1-9ED9-0891557348CC}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{84FA9958-286A-4C75-B140-937252C14C11}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{925671C8-BD65-4987-89DD-F44BFB81D5FB}C:\kos\game_sting_pak\sting.exe" = protocol=17 | dir=in | app=c:\kos\game_sting_pak\sting.exe |
"UDP Query User{94CF0BE8-90CF-4917-A8FD-E0CDB46DD410}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{959FDD46-FBE8-42FD-96A5-F9276C50F13A}C:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=17 | dir=in | app=c:\users\destylp\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"UDP Query User{B25F1773-F047-41AE-B545-45F77CFCA5E8}C:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{C63F3635-7CDA-43DA-9A2C-F1B1E827B605}C:\users\destylp\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\destylp\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{EF13E641-81C6-46F6-8D1A-824945E02090}C:\program files\paranormal\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\program files\paranormal\binaries\win32\udk.exe |
"UDP Query User{F35F1630-4079-4045-9A3D-CD2D7A1312D1}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{F98606B5-2308-4883-A9DB-05D67C3950BF}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22244C05-142D-4B02-816B-ABF537543E02}" = System Requirements Lab Test
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{67686439-FBC8-4342-9748-D42BA10F7994}" = DayZ Commander
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 22.0.1250.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Fraps" = Fraps (remove only)
"Gaming Mouse 3" = Gaming Mouse
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SysInfo" = Creative Systeminformationen
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Hawken" = Hawken
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.10.2012 09:20:51 | Computer Name = Tobias | Source = Application Error | ID = 1000
Error - 20.10.2012 09:25:56 | Computer Name = Tobias | Source = Application Error
| ID = 1000
Error - 20.10.2012 09:54:45 | Computer Name = Tobias | Source = Application Error | ID = 1000
Error - 20.10.2012 11:06:19 | Computer Name = Tobias | Source = Application Error
| ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 13.0.0.0, Zeitstempel: 0x4f61beba
Name des fehlerhaften Moduls: Photoshop3DEngine.8BI, Version: 13.0.0.0, Zeitstempel: 0x4f61b68d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000bc984
ID des fehlerhaften Prozesses: 0xc78
Startzeit der fehlerhaften Anwendung: 0x01cdaecf3fbe5a09
Pfad der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Adobe\Adobe Photoshop CS6\Required\Plug-Ins\3D Engines\Photoshop3DEngine.8BI
Berichtskennung: b37675ea-1ac7-11e2-a978-5404a69d717c
Error - 20.10.2012 18:17:34 | Computer Name = Tobias | Source = Application Error
| ID = 1000
Error - 22.10.2012 08:54:12 | Computer Name = Tobias | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nfs.exe, Version: 1.0.0.1, Zeitstempel:
0x4903d9d7 Name des fehlerhaften Moduls: nfs.exe, Version: 1.0.0.1, Zeitstempel:
0x4903d9d7 Ausnahmecode: 0x40000015 Fehleroffset: 0x0061a56d ID des fehlerhaften Prozesses:
0x4b4 Startzeit der fehlerhaften Anwendung: 0x01cdb0534b2ea478 Pfad der fehlerhaften
Anwendung: C:\Program Files\EA Games\Need for Speed Undercover\nfs.exe Pfad des
fehlerhaften Moduls: C:\Program Files\EA Games\Need for Speed Undercover\nfs.exe
Berichtskennung:
933a75df-1c47-11e2-a0a7-5404a69d717c
Error - 23.10.2012 09:44:40 | Computer Name = Tobias | Source = Windows Installer 3.1 | ID = 921877
Description =
Error - 23.10.2012 09:48:00 | Computer Name = Tobias | Source = Windows Installer 3.1 | ID = 921877
Description =
Error - 24.10.2012 06:35:42 | Computer Name = Tobias | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1446.623,
Zeitstempel: 0x5004ae1a Name des fehlerhaften Moduls: steamservice.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x506ca08d Ausnahmecode: 0xc0000005 Fehleroffset:
0x5f0f1031 ID des fehlerhaften Prozesses: 0xd84 Startzeit der fehlerhaften Anwendung:
0x01cdb1cde9289425 Pfad der fehlerhaften Anwendung: C:\Program Files\Steam\Steam.exe
Pfad
des fehlerhaften Moduls: steamservice.dll Berichtskennung: 8ef99a60-1dc6-11e2-a519-5404a69d717c
Error - 24.10.2012 15:30:41 | Computer Name = Tobias | Source = Application Error | ID = 1000
Error - 24.10.2012 15:30:50 | Computer Name = Tobias | Source = Application Error
| ID = 1000
Error - 25.10.2012 13:32:48 | Computer Name = Tobias | Source = Application Hang | ID = 1002
Description = Programm PDR11.exe, Version 11.0.0.2110 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bfc Startzeit:
01cdb2d35c6bb829 Endzeit: 245 Anwendungspfad: C:\Program Files\CyberLink\PowerDirector11\PDR11.exe
Berichts-ID:
f945fa24-1ec9-11e2-aba6-5404a69d717c
Error - 27.10.2012 16:31:15 | Computer Name = Tobias | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Rekskj.exe, Version: 7.1.0.11, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0x80000003 Fehleroffset: 0x00160a05 ID des fehlerhaften Prozesses:
0x778 Startzeit der fehlerhaften Anwendung: 0x01cdb481f5afec88 Pfad der fehlerhaften
Anwendung: C:\Users\DestyLP\AppData\Roaming\Rekskj.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 4020b8c0-2075-11e2-bbc9-5404a69d717c
Error - 27.10.2012 16:32:21 | Computer Name = Tobias | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Rekskj.exe, Version: 7.1.0.11, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0x80000003 Fehleroffset: 0x00160a05 ID des fehlerhaften Prozesses:
0x778 Startzeit der fehlerhaften Anwendung: 0x01cdb481f5afec88 Pfad der fehlerhaften
Anwendung: C:\Users\DestyLP\AppData\Roaming\Rekskj.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 67d91835-2075-11e2-bbc9-5404a69d717c
Error - 27.10.2012 19:53:12 | Computer Name = Tobias | Source = Application Error | ID = 1000
Error encountered while reading event logs.
< End of report >
Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 23.09.2012 3.4.0.2540 Adobe Download Assistant Adobe Systems Incorporated 23.09.2012 1.2.2 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 25.10.2012 6,00MB 11.4.402.287 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.10.2012 6,00MB 11.4.402.287 Apple Application Support Apple Inc. 06.10.2012 61,0MB 2.1.7 Apple Software Update Apple Inc. 06.10.2012 2,38MB 2.1.3.127 ASIO4ALL Michael Tippach 05.10.2012 2.10 Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 22.06.2012 1.0.2.43 Audacity 2.0.2 Audacity Team 04.10.2012 43,5MB 2.0.2 Avira Free Antivirus Avira 20.10.2012 122MB 13.0.0.2693 BattlEye for OA Uninstall 23.09.2012 CCleaner Piriform 24.09.2012 3.23 Creative Systeminformationen Creative Technology Limited 04.10.2012 1.10 DayZ Commander Dotjosh Studios 09.10.2012 3,94MB 0.9.90 Dropbox Dropbox, Inc. 04.10.2012 1.4.18 Eusing Free Registry Cleaner 15.10.2012 Fraps (remove only) 07.10.2012 Gaming Mouse 26.07.2012 Google Chrome Google Inc. 24.08.2012 22.0.1229.94 Hawken Meteor Entertainment 21.10.2012 1,96GB Java 7 Update 7 Oracle 30.09.2012 128MB 7.0.70 JavaFX 2.1.1 Oracle Corporation 23.06.2012 20,8MB 2.1.1 League of Legends Riot Games 22.09.2012 1.3 Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 28.10.2012 19,4MB 1.65.1.1000 Microsoft .NET Framework 1.1 Microsoft 24.08.2012 34,8MB 1.1.4322 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.06.2012 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 23.06.2012 2,93MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 04.07.2012 51,9MB 4.0.30319 Microsoft Silverlight Microsoft Corporation 15.10.2012 22,6MB 5.1.10411.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.10.2012 2,38MB 8.0.56336 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 08.10.2012 226KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.09.2012 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.09.2012 226KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.09.2012 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.09.2012 14,0MB 10.0.40219 Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 19.10.2012 7,55MB 3.1.10527.0 Need for Speed™ Most Wanted 22.10.2012 Newblue Art Effects for PowerDirector NewBlue 06.10.2012 2.0 Notepad++ 18.09.2012 6.1.8 NVIDIA 3D Vision Controller-Treiber 306.97 NVIDIA Corporation 24.10.2012 306.97 NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 24.10.2012 306.97 NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 24.10.2012 306.97 NVIDIA PhysX NVIDIA Corporation 21.10.2012 34,0MB 9.12.0613 NVIDIA PhysX-Systemsoftware 9.12.0604 NVIDIA Corporation 15.09.2012 9.12.0604 NVIDIA Update 1.10.8 NVIDIA Corporation 24.10.2012 1.10.8 Pando Media Booster Pando Networks Inc. 22.09.2012 5,46MB 2.6.0.8 QuickTime Apple Inc. 06.10.2012 73,2MB 7.72.80.56 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.07.2012 6.0.1.6662 Skype™ 5.10 Skype Technologies S.A. 07.09.2012 19,4MB 5.10.116 Sound Blaster Tactic(3D) Alpha Creative Technology Limited 04.10.2012 1.0 SRWare Iron Version SRWare Iron 22.0.1250.0 SRWare 07.10.2012 89,4MB SRWare Iron 22.0.1250.0 Steam Valve Corporation 23.09.2012 35,4MB 1.0.0.0 System Requirements Lab CYRI Husdawg, LLC 17.09.2012 935KB 4.5.1.0 System Requirements Lab Test Husdawg, LLC 13.10.2012 575KB 5.0.5.0 WinRAR 4.20 (32-Bit) win.rar GmbH 25.06.2012 4.20.0 World of Warplanes Wargaming.net 26.10.2012 14,0MB Geändert von DestyZockt (28.10.2012 um 11:55 Uhr) |
|
29.10.2012, 11:11
| #4 | |
| /// Helfer-Team | Wie entferne ich den Skype Virus ? Systemreinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. Zitat:
Code:
ATTFilter :OTL
SRV - (gupdatem) -- File not found
SRV - (gupdate) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112463&tt=120912_cpc_3812_4&babsrc=SP_ss&mntrId=fc3ed28d0000000000005404a69d717c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
CHR - homepage: http://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c
CHR - homepage: http://search.babylon.com/?affID=112463&tt=120912_cpc_3812_4&babsrc=HP_ss&mntrId=fc3ed28d0000000000005404a69d717c
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKCU..\Run: [Rekskj] C:\Users\DestyLP\AppData\Roaming\Rekskj.exe (www.ABBYY.ru)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d2237b3-c83a-11e1-a49b-5404a69d717c}\Shell - "" = AutoRun
O33 - MountPoints2\{3d2237b3-c83a-11e1-a49b-5404a69d717c}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{79168113-04a6-11e2-b5c5-5404a69d717c}\Shell - "" = AutoRun
O33 - MountPoints2\{79168113-04a6-11e2-b5c5-5404a69d717c}\Shell\AutoRun\command - "" = F:\INSTALL.EXE
O33 - MountPoints2\{aad234f9-1aac-11e2-a978-5404a69d717c}\Shell - "" = AutoRun
O33 - MountPoints2\{aad234f9-1aac-11e2-a978-5404a69d717c}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{ce41d082-cdf3-11e1-9f52-5404a69d717c}\Shell - "" = AutoRun
O33 - MountPoints2\{ce41d082-cdf3-11e1-9f52-5404a69d717c}\Shell\AutoRun\command - "" = E:\CitiesXL2011.exe
O33 - MountPoints2\{cfb02202-1486-11e2-bdb2-5404a69d717c}\Shell - "" = AutoRun
O33 - MountPoints2\{cfb02202-1486-11e2-bdb2-5404a69d717c}\Shell\AutoRun\command - "" = E:\Autorun.exe
:Files
C:\Users\DestyLP\AppData\Roaming\Rekskj.exe
C:\Users\DestyLP\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. Java prüfen ggf aktualisieren:-> klick hier! Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 3. Alle Programme/Fenster schließen Java-Cache leeren - sollte man öfters tun! Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK -> Wie leere ich den Java-Cache? -> Java-Cache leeren -> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann. 4. Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 5. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
6. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
7. erneut einen Scan mit OTL:
8. Datei-Überprüfung Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. ►Prüfende Datei/en: Code:
ATTFilter C:\Windows\System32\drivers\fcakh.sys
► Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!: Scanergebnisse mitsamt Dateiname! Code:
ATTFilter Datei File name:
<hier kommt die Dateiname>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
VT Community
goodware/badware
Safety score: 100.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.22.00 2010.10.21 -
AntiVir 7.10.13.15 2010.10.21 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 -
Avast 4.8.1351.0 2010.10.21 -
Avast5 5.0.594.0 2010.10.21 -
usw........
...werden geprüft v. mehr wie 40 Online Virus Scanner...also Geduld!!
9. Die folgende Aufgabe im Task sagt mir nichts: Code:
ATTFilter C:\Windows\tasks\OptimizerPro1UpdaterTask{A69F001A-D6D0-484E-8C81-EAB647AB352D}.job
oder unter Systemsteuerung –> System und Sicherheit –> Verwaltung den Punkt “Aufgabenplanung” Alternativ können Sie auch [Win]+[R] drücken und den Befehl taskschd.msc eingeben, um die Aufgabenplanung zu starten. ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
29.10.2012, 13:58
| #5 |
| | Wie entferne ich den Skype Virus ? Schreibe gerade von dem Rechner meiner Eltern aus , weil mein Windows nach ca.1 min abstürzt wenn es hochgefahren ist . Bevor das Problem auftrat . Ist mein Rechner extrem langsam geworden und die explorer.exe ist des öfteren mal abgestürzt , und hat sich dann nicht mehr gestartet . Seit dem stürzt immer Windows ab . Wäre es jetzt hilfreich meinen Computer neu aufzusetzen ? |
|
06.11.2012, 16:06
| #6 | |
| /// Helfer-Team | Wie entferne ich den Skype Virus ?Zitat:
__________________ --> Wie entferne ich den Skype Virus ? |
|
| Themen zu Wie entferne ich den Skype Virus ? |
| abstürze, abstürzen, beendet, bildschirm, computer, datei, desktop, gefährlich, gesendet, kaputt, klicke, kontackte, langsamer, link, löschen, maus, namen, neue, nicht mehr, problem, probleme, prozesse, skype, taskmanager, verschwunden, virus, virus ?, weiße striche, öffnen |
.
Linear-Darstellung
