| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: lt.: Virus Total: Trojan-Spy.Win32.ZBotWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.02.2013, 20:28
| #1 |
 |  lt.: Virus Total: Trojan-Spy.Win32.ZBot Hallo zusammen, beim Surfen kam aufeinmal meine Win Firewall und wollte Zugriff für wuen.exe. Kannte ich nicht und habe ich auch nicht gestattet. Habe die *.exe bei Virus Total geprüft und Kaspersky erkennt es als Trojan-Spy.Win32.ZBot. Habe dann den zBotKiller ausgeführt. Dieser konnte es entfernen. Nach einem Neustart ist aber wieder der Prozess gestartet. Habe schonal OTL geladen und scannen lassen, weil ich hier einen gleichen Thread gefunden hatte. OS: Win7 x64 Browser Opera Version 12.14 Virus Total Link: h**ps://www.virustotal.com/de/file/15f2f61f8be57c823db6d4479e711e725efd3874912995983b66ee11f548d079/analysis/1361905093/ Code:
ATTFilter OTL logfile created on: 26.02.2013 20:15:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Goerde\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 81,49% Memory free 15,79 Gb Paging File | 14,16 Gb Available in Paging File | 89,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,37 Gb Total Space | 169,04 Gb Free Space | 70,91% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 71,70 Mb Free Space | 71,70% Space Free | Partition Type: NTFS Drive F: | 429,69 Gb Total Space | 49,36 Gb Free Space | 11,49% Space Free | Partition Type: NTFS Drive G: | 150,16 Gb Total Space | 49,43 Gb Free Space | 32,92% Space Free | Partition Type: NTFS Drive H: | 351,56 Gb Total Space | 209,96 Gb Free Space | 59,72% Space Free | Partition Type: NTFS Drive I: | 19,53 Gb Total Space | 19,34 Gb Free Space | 99,01% Space Free | Partition Type: NTFS Drive J: | 390,63 Gb Total Space | 103,48 Gb Free Space | 26,49% Space Free | Partition Type: NTFS Drive K: | 288,47 Gb Total Space | 48,93 Gb Free Space | 16,96% Space Free | Partition Type: NTFS Drive L: | 1863,01 Gb Total Space | 932,81 Gb Free Space | 50,07% Space Free | Partition Type: NTFS Drive M: | 3,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive N: | 7,66 Gb Total Space | 3,66 Gb Free Space | 47,76% Space Free | Partition Type: NTFS Drive Z: | 1863,01 Gb Total Space | 1682,14 Gb Free Space | 90,29% Space Free | Partition Type: NTFS Computer Name: GOERDE-PC | User Name: Goerde | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Goerde\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ozone Xenon Driver\Monitor.EXE () PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Ozone Xenon Driver\hiddriver.dll () MOD - C:\Program Files (x86)\Ozone Xenon Driver\Monitor.EXE () MOD - C:\Program Files (x86)\Ozone Xenon Driver\lan.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (SkypeUpdate) -- J:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys () DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 2F 73 CB 9E 03 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Ozone Xenon Driver] C:\Program Files (x86)\Ozone Xenon Driver\Monitor.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] J:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Zigaiq] C:\Users\Goerde\AppData\Roaming\Izdyeh\wuen.exe () O4 - Startup: C:\Users\Goerde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80524643-921C-4452-87F4-381B9CABBDB0}: DhcpNameServer = 192.168.11.1 O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.01 01:27:21 | 000,000,000 | ---D | M] - M:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2007.07.01 01:27:21 | 000,000,044 | R--- | M] () - M:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{7a4e811c-7371-11e2-b3d1-bc5ff45e16cc}\Shell - "" = AutoRun O33 - MountPoints2\{7a4e811c-7371-11e2-b3d1-bc5ff45e16cc}\Shell\AutoRun\command - "" = M:\RCT_GOLD.exe -- [2007.07.01 01:27:20 | 002,412,544 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 20:08:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Goerde\Desktop\OTL.exe [2013.02.26 19:35:32 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\Zydayd [2013.02.26 19:35:32 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\Pimo [2013.02.26 19:35:32 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\Izdyeh [2013.02.22 19:55:35 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2013.02.22 19:47:34 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\Atari [2013.02.22 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.02.22 19:45:31 | 000,000,000 | ---D | C] -- C:\Users\Goerde\Documents\RCT3 [2013.02.22 19:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft [2013.02.22 19:45:31 | 000,000,000 | ---D | C] -- C:\Users\Goerde\Documents\My Pictures [2013.02.22 19:45:31 | 000,000,000 | ---D | C] -- C:\Users\Goerde\Documents\My Music [2013.02.22 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari [2013.02.22 16:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com [2013.02.21 12:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.21 12:42:29 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.21 12:42:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.21 12:42:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.21 12:42:28 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.21 12:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.19 19:47:35 | 000,000,000 | ---D | C] -- C:\Users\Goerde\Documents\Outlook-Dateien [2013.02.19 19:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.02.19 19:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft [2013.02.19 19:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.02.19 19:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.02.19 19:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.02.13 17:23:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 17:23:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 17:23:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 17:23:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 17:23:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 17:23:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 17:23:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 17:23:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 17:23:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 17:23:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 17:23:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 17:23:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 17:23:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 17:23:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 17:23:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 17:17:28 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 17:17:28 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 17:17:28 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 17:17:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 17:17:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 17:17:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 17:17:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 17:17:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 17:17:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 17:17:25 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.10 14:04:23 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Local\PunkBuster [2013.02.10 14:04:22 | 000,000,000 | ---D | C] -- C:\Users\Goerde\Documents\BFBC2 [2013.02.10 13:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.02.10 13:39:24 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.02.10 13:39:22 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\DAEMON Tools Lite [2013.02.10 13:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.02.10 12:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.10 12:02:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.10 12:02:20 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.10 12:02:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.10 12:02:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.10 12:02:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.10 12:02:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.10 12:02:19 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.02.10 12:02:19 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.02.10 12:02:19 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.02.10 12:02:19 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.02.10 12:02:19 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.10 12:02:19 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.02.10 12:02:19 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.10 12:02:19 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.02.10 12:02:19 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.10 12:02:19 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.10 12:02:19 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.02.10 12:02:18 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.10 12:02:18 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.02.10 12:02:18 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.10 12:02:18 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2013.02.10 12:02:18 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2013.02.10 12:02:18 | 000,626,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll [2013.02.10 12:02:18 | 000,561,792 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll [2013.02.10 12:02:18 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.10 12:02:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.10 12:02:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.10 12:02:18 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.02.10 12:02:18 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2013.02.10 12:02:18 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys [2013.02.10 12:02:17 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.10 12:02:16 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.02.10 12:02:16 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.02.10 12:02:14 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.02.10 12:02:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.02.10 12:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.10 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\Skype [2013.02.10 11:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.10 11:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.10 11:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.02.08 02:16:46 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013.02.08 02:16:46 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.02.05 13:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera x64 [2013.02.05 13:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Opera x64 [2013.02.04 19:28:17 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Local\Activision [2013.02.04 19:27:47 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013.02.04 19:27:47 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2013.02.04 19:27:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013.02.04 19:27:47 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013.02.04 19:27:47 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013.02.04 19:27:47 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013.02.04 19:27:47 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013.02.04 19:27:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013.02.04 19:27:46 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013.02.04 19:27:46 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2013.02.04 19:27:46 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013.02.04 19:27:46 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013.02.04 19:27:46 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2013.02.04 19:27:46 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2013.02.04 19:27:46 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013.02.04 19:27:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013.02.04 19:27:46 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013.02.04 19:27:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2013.02.04 19:27:46 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2013.02.04 19:27:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2013.02.04 19:27:45 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2013.02.04 19:27:45 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2013.02.04 19:27:45 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2013.02.04 19:27:45 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2013.02.04 19:27:45 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2013.02.04 19:27:45 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2013.02.04 19:27:45 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2013.02.04 19:27:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2013.02.04 19:27:44 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2013.02.04 19:27:44 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2013.02.04 19:27:44 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2013.02.04 19:27:44 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2013.02.04 19:27:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2013.02.04 19:27:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2013.02.04 19:27:44 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2013.02.04 19:27:44 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2013.02.04 19:27:43 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2013.02.04 19:27:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2013.02.04 19:27:43 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2013.02.04 19:27:43 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2013.02.04 19:27:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2013.02.04 19:27:43 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2013.02.04 19:27:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2013.02.04 19:27:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2013.02.04 19:27:43 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2013.02.04 19:27:42 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2013.02.04 19:27:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2013.02.04 19:27:42 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2013.02.04 19:27:42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2013.02.04 19:27:42 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2013.02.04 19:27:42 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2013.02.04 19:27:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2013.02.04 19:27:42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2013.02.04 19:27:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2013.02.04 19:27:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2013.02.04 19:27:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2013.02.04 19:27:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2013.02.04 19:27:41 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2013.02.04 19:27:41 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2013.02.04 19:27:41 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2013.02.04 19:27:41 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013.02.04 19:27:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2013.02.04 19:27:41 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2013.02.04 19:27:41 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2013.02.04 19:27:41 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2013.02.04 19:27:41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2013.02.04 19:27:41 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013.02.04 19:27:41 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2013.02.04 19:27:41 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2013.02.04 19:27:40 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2013.02.04 19:27:40 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013.02.04 19:27:40 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2013.02.04 19:27:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013.02.04 19:27:40 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2013.02.04 19:27:40 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2013.02.04 19:27:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2013.02.04 19:27:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013.02.04 19:27:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2013.02.04 19:27:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2013.02.04 19:27:40 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2013.02.04 19:27:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2013.02.04 19:27:39 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2013.02.04 19:27:39 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2013.02.04 19:27:39 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2013.02.04 19:27:39 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2013.02.04 19:27:39 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2013.02.04 19:27:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2013.02.04 19:27:39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2013.02.04 19:27:39 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2013.02.04 19:27:39 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2013.02.04 19:27:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2013.02.04 19:27:38 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2013.02.04 19:27:38 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2013.02.04 19:27:38 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2013.02.04 19:27:38 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2013.02.04 19:27:38 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2013.02.04 19:27:38 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2013.02.04 19:27:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2013.02.04 19:27:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2013.02.04 19:27:38 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2013.02.04 19:27:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2013.02.04 19:27:37 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2013.02.04 19:27:37 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2013.02.04 19:27:37 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2013.02.04 19:27:37 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2013.02.04 19:27:37 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2013.02.04 19:27:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2013.02.04 19:27:37 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2013.02.04 19:27:37 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2013.02.04 19:27:36 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2013.02.04 19:27:36 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2013.02.04 19:27:36 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2013.02.04 19:27:36 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2013.02.04 19:27:36 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2013.02.04 19:27:36 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2013.02.04 19:27:36 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2013.02.04 19:27:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2013.02.04 19:27:36 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2013.02.04 19:27:36 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2013.02.04 19:27:35 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2013.02.04 19:27:35 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2013.02.04 19:27:35 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2013.02.04 19:27:35 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2013.02.04 19:26:32 | 000,000,000 | ---D | C] -- C:\Users\Goerde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.02.04 19:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.02.04 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.02.03 11:42:16 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2013.02.03 11:42:16 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2013.02.03 11:42:16 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2013.02.03 11:42:16 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2013.02.03 11:42:16 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2013.02.03 11:42:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2013.02.03 11:42:16 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2013.02.03 11:42:16 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2013.02.03 11:42:15 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2013.02.03 11:42:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2013.02.03 11:42:15 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2013.02.03 11:42:15 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2013.02.03 11:42:15 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2013.02.03 11:42:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2013.02.03 11:42:15 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2013.02.03 11:42:15 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2013.02.03 11:42:14 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2013.02.03 11:42:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2013.02.03 11:42:14 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2013.02.03 11:42:14 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2013.02.03 11:42:14 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2013.02.03 11:42:14 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2013.02.03 11:42:13 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2013.02.03 11:42:13 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2013.02.03 11:42:13 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2013.02.03 11:42:13 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2013.02.03 11:42:13 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2013.02.03 11:42:13 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2013.02.03 11:42:13 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2013.02.03 11:42:12 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2013.02.03 11:42:12 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2013.02.03 11:42:12 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2013.02.03 11:42:12 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2013.02.03 11:42:12 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2013.02.03 11:42:12 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2013.02.03 11:42:12 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2013.02.03 11:42:12 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2013.02.03 11:42:11 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2013.02.03 11:42:11 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2013.02.03 11:42:09 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2013.02.03 11:42:09 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2013.02.03 11:42:09 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2013.02.03 11:42:09 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2013.02.03 11:42:09 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2013.02.03 11:42:09 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2013.02.03 11:42:09 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2013.02.03 11:42:09 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2013.02.03 11:42:08 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2013.02.03 11:42:08 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2013.02.03 11:42:08 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2013.02.03 11:42:08 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2013.02.03 11:42:08 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2013.02.03 11:42:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2013.02.03 11:42:07 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2013.02.03 11:42:07 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2013.02.03 11:42:07 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2013.02.03 11:42:07 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2013.02.03 11:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2013.02.03 11:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision [2013.02.01 18:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.02.01 18:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.02.01 18:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.02.01 18:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center ========== Files - Modified Within 30 Days ========== [2013.02.26 20:11:55 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 20:11:55 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 20:09:28 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.26 20:09:28 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.26 20:09:28 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.26 20:09:28 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.26 20:09:28 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.26 20:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Goerde\Desktop\OTL.exe [2013.02.26 20:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.26 20:04:40 | 2064,957,439 | -HS- | M] () -- C:\hiberfil.sys [2013.02.25 22:50:45 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.25 22:50:45 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.22 19:55:35 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2013.02.22 19:55:05 | 000,000,567 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk [2013.02.22 16:03:59 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Settlers 2 GOLD.lnk [2013.02.21 12:42:26 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.21 12:42:25 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.21 12:42:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.21 12:42:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.21 12:42:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.02.21 12:42:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.20 09:48:13 | 000,436,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.10 14:24:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.02.10 14:24:29 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.10 14:24:29 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.10 13:43:28 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2013.02.10 13:39:24 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.02.08 02:16:46 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013.02.08 02:16:46 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.02.05 13:47:26 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2013.02.04 19:14:19 | 000,000,543 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.03 11:40:33 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk [2013.02.03 11:40:33 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk [2013.02.03 11:40:04 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini ========== Files Created - No Company Name ========== [2013.02.22 19:45:34 | 000,000,567 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk [2013.02.22 19:45:31 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2013.02.22 16:03:59 | 000,000,679 | ---- | C] () -- C:\Users\Public\Desktop\Settlers 2 GOLD.lnk [2013.02.10 14:04:26 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.10 13:43:29 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.10 13:43:28 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2013.02.10 13:43:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.02.10 12:02:19 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.02.10 12:02:18 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.02.05 13:47:26 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2013.02.05 13:47:26 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2013.02.04 19:14:19 | 000,000,543 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.03 11:40:33 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk [2013.02.03 11:40:33 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk [2013.02.03 11:40:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2012.11.24 18:03:07 | 000,007,605 | ---- | C] () -- C:\Users\Goerde\AppData\Local\Resmon.ResmonCfg [2012.11.21 19:29:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.02.2013 20:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Goerde\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,90 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 81,49% Memory free
15,79 Gb Paging File | 14,16 Gb Available in Paging File | 89,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 169,04 Gb Free Space | 70,91% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,70 Mb Free Space | 71,70% Space Free | Partition Type: NTFS
Drive F: | 429,69 Gb Total Space | 49,36 Gb Free Space | 11,49% Space Free | Partition Type: NTFS
Drive G: | 150,16 Gb Total Space | 49,43 Gb Free Space | 32,92% Space Free | Partition Type: NTFS
Drive H: | 351,56 Gb Total Space | 209,96 Gb Free Space | 59,72% Space Free | Partition Type: NTFS
Drive I: | 19,53 Gb Total Space | 19,34 Gb Free Space | 99,01% Space Free | Partition Type: NTFS
Drive J: | 390,63 Gb Total Space | 103,48 Gb Free Space | 26,49% Space Free | Partition Type: NTFS
Drive K: | 288,47 Gb Total Space | 48,93 Gb Free Space | 16,96% Space Free | Partition Type: NTFS
Drive L: | 1863,01 Gb Total Space | 932,81 Gb Free Space | 50,07% Space Free | Partition Type: NTFS
Drive M: | 3,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 7,66 Gb Total Space | 3,66 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
Drive Z: | 1863,01 Gb Total Space | 1682,14 Gb Free Space | 90,29% Space Free | Partition Type: NTFS
Computer Name: GOERDE-PC | User Name: Goerde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C231F90E-4953-40D3-A8ED-8E3D2B72408F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D0A6BC-4195-4457-9D93-7E702E05EEB7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{073B6594-0D76-4CFF-8E9F-93C19B938AED}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0D29D671-687C-4BCA-8030-95550746C442}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{1652FB01-2741-4553-9E33-98ADBBBBF54B}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{2D9155E9-9AD3-4A52-8769-F5467601C4F8}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{3832F364-377C-4AA1-8013-9ECBB5697772}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{3D28E207-DE08-4129-A49B-003445F15331}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3F513997-9BA3-4D7B-A76E-214EDD74F3E2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{40A02895-2239-4B35-A1D3-9AF6E4F14FA0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{49A8E116-2E75-4C7D-8981-1D5DCEB77CB3}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{4A1E1F8C-FDFD-49FE-B86E-53EE61E56C4B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{669D0189-AE0C-4C57-A7A3-F2ACC902825D}" = protocol=6 | dir=in | app=c:\games\bfbc2\bfbc2updater.exe |
"{67ABAED3-F5B3-437F-A9BF-9FC5919F927F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{6A44ED7B-4EC5-4636-9B99-D73815AF5AA7}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{6C663891-00C0-44EB-B68F-8F12D0D2CE26}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{73EB17B1-2375-42FF-9659-B3437901A46D}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{76687F1A-9646-4533-A685-632DD5BA1462}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{7E9A4213-52CC-4630-8AAA-FE75FDF5C7E7}" = protocol=17 | dir=in | app=c:\games\diablo iii\diablo iii.exe |
"{809050DD-AE3F-4FB3-9B42-4A3A1006FD4F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{835716A9-89DD-44DB-AAD9-8583B0A74938}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{83714372-E346-469C-8F30-1F83B0A86B16}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{905F7E33-B4B5-41BE-B8AD-F7C9A59622C5}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{90E1A0EB-43E3-490C-AB31-826E16CCF325}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{96528405-A30A-4B76-B331-D9741E52FCE1}" = protocol=6 | dir=in | app=c:\games\diablo iii\diablo iii.exe |
"{9798D854-CD88-4B06-9600-FE7B2397F21C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9C166BEB-2E15-4B69-9704-9941612268D6}" = dir=in | app=j:\programme\skype\phone\skype.exe |
"{9E442EFA-C6B1-4316-80EF-81E438EACC27}" = protocol=17 | dir=in | app=c:\games\bfbc2\bfbc2updater.exe |
"{9E97C276-807F-4F0D-BB82-71C0B3CB74DE}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{C00292E8-164C-48C0-A37D-1DECBB3C5186}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{C3F43B5D-3989-4202-B972-0AB6ADC073BC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{CEDC8748-7DFC-4860-B7D0-3CA5AC8CBD36}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{D3EFF075-20B5-468E-A2DE-73FF37CE3B9F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{DC3CC3DE-5F55-4D5C-82A9-31FF6C39A29A}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{DDB9ACAA-EF3E-45A4-B7CC-17AD4EDDCF4F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF30C366-74C0-4AA6-B345-E6206CC97132}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{E78220C1-A7E6-4D93-B02F-5A37E6DF7C3D}" = protocol=6 | dir=in | app=h:\steam\steam.exe |
"{E9E6395E-6586-4C39-A546-3AAA3692B824}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{F6D376A1-D895-4801-9687-09040C242AA1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F7E01B0A-9DD4-4449-B395-52978CD72534}" = protocol=17 | dir=in | app=h:\steam\steam.exe |
"TCP Query User{0527C3DF-3761-4B3D-91DD-1F8513CC04FF}C:\users\goerde\appdata\roaming\izdyeh\wuen.exe" = protocol=6 | dir=in | app=c:\users\goerde\appdata\roaming\izdyeh\wuen.exe |
"TCP Query User{41CDCA3B-69F1-46DC-9500-C83AA4449374}J:\jloader\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=j:\jloader\jdownloader\jre\bin\javaw.exe |
"TCP Query User{914010DB-55BE-4D25-BE07-1437053A0735}C:\games\bfbc2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\games\bfbc2\bfbc2game.exe |
"TCP Query User{A5C75BB2-B8EA-4486-8AEA-DD1BDA5FF2EC}H:\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\call of duty black ops\blackops.exe |
"TCP Query User{CD0D7E50-A44B-4D54-8A07-EEE29CDAFFF5}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{E119F342-2F55-4800-AA30-9C54C58D1301}F:\jloader\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=f:\jloader\jdownloader\jre\bin\javaw.exe |
"UDP Query User{093F5F6C-6AD7-46A4-BD67-CA97B9A844E1}C:\games\bfbc2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\games\bfbc2\bfbc2game.exe |
"UDP Query User{1AC33E77-8E0F-4994-9C0E-8670BBEAB296}J:\jloader\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=j:\jloader\jdownloader\jre\bin\javaw.exe |
"UDP Query User{43BE0C79-EDB9-4369-A251-E2EB9ABF9698}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{61E1CC06-4577-454D-8110-62A99BA159BA}H:\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\call of duty black ops\blackops.exe |
"UDP Query User{67B5CC71-F6F6-4F4C-AE73-906327B39060}C:\users\goerde\appdata\roaming\izdyeh\wuen.exe" = protocol=17 | dir=in | app=c:\users\goerde\appdata\roaming\izdyeh\wuen.exe |
"UDP Query User{7DD0AA84-A1F5-48DC-B620-5C6EA8264D9D}F:\jloader\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=f:\jloader\jdownloader\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Opera 12.14.1738" = Opera 12.14
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6C4453CD-123A-40FB-8227-E23AF8748C5A}" = Ozone Xenon Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"PunkBusterSvc" = PunkBuster Services
"Settlers 2 GOLD_is1" = Settlers 2 GOLD
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.02.2013 14:21:50 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.02.2013 20:00:48 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2013 05:40:07 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2013 12:35:36 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 05:55:35 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 17:49:51 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 06:06:44 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 13:53:44 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 14:56:50 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 15:06:34 | Computer Name = Goerde-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.12.2012 12:20:22 | Computer Name = Goerde-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
Error - 28.12.2012 06:30:25 | Computer Name = Goerde-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
Error - 11.01.2013 21:10:35 | Computer Name = Goerde-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
Error - 14.01.2013 16:43:32 | Computer Name = Goerde-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
Error - 20.01.2013 11:54:02 | Computer Name = Goerde-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR7 gefunden.
Error - 20.01.2013 11:54:02 | Computer Name = Goerde-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR7 gefunden.
Error - 02.02.2013 05:07:36 | Computer Name = Goerde-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
< End of report >
Habe auch den Prozess manuell wieder abgeschossen bevor die scans durchgeführt wurden. |
| Themen zu lt.: Virus Total: Trojan-Spy.Win32.ZBot |
| adobe, adobe reader xi, autorun, battle.net, bho, black, error, excel, explorer, firefox, firewall, flash player, format, helper, install.exe, jdownloader, kaspersky, logfile, monitor.exe, neustart, opera, plug-in, prozess, realtek, registry, rundll, scan, security, trojan-spy.win32.zbot, udp, usb, virus, virus total, warum, windows, wrapper |
Baum-Darstellung