Pests of all kinds and how to fight them: Trojan Found :S (Windows 7) |
12.07.2010, 18:11 | #1 |
| Trojan Found :S Hello everyone, I have a question :3 Earlier I looked into my Kaspersky report and saw that 2 Trojans were found. Now I don't know whether my system or this strange site is infected. I somehow can't interpret it :S I ran a complete scan and nothing was found there. Here is a picture of the report window. Thanks in advance! |
12.07.2010, 18:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Found :S Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL: System scan with OTL. Please download OTL by OldTimer and save it to your desktop
__________________ |
12.07.2010, 20:01 | #3 |
| Trojan Found :S Where does Malwarebytes save the log file?
__________________ |
12.07.2010, 20:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Found :S In the program itself you will find all logs in the Log Files or Scan Reports tab (depending on the version and the configured language)
__________________ Please always post log files in CODE tags |
12.07.2010, 20:37 | #5 |
| Trojan Found :S lol, when I try to post the log file I always get an error: Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838 |
12.07.2010, 21:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Found :S Please zip all logs into one file and then attach that ZIP file here.
__________________ --> Trojan Found :S |
12.07.2010, 22:07 | #7 |
| Trojan Found :S Malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4305
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12.07.2010 22:29:16
mbam-log-2010-07-12 (22-29-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 345261
Laufzeit: 35 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Edit: I have the feeling that this is too much text :S
Edited by BlackPearl (12.07.2010 at 22:13) |
12.07.2010, 22:11 | #8 |
| Trojan Found :S Extra.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.07.2010 20:59:10 - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\***\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 67,29 Gb Free Space | 68,98% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 286,37 Gb Free Space | 61,48% Space Free | Partition Type: NTFS Drive E: | 200,43 Gb Total Space | 200,34 Gb Free Space | 99,95% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1 "{9F313496-82E8-4A99-9D4C-311531023746}" = TortoiseSVN 1.6.7.18415 (64 bit) "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.0021 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter 
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.03.10 "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{b09df901-f26e-4d4f-9c77-31894d31c3d9}" = Nero 9 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = 
Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Black Mirror 2_is1" = Black Mirror 2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Fraps" = Fraps "InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.0021 "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1) "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2 "Steam App 39000" = Moonbase Alpha "Tunngle beta_is1" = Tunngle beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP 2005" = QIP 2005 8095 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.07.2010 12:06:47 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 12:16:15 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 14:09:00 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 14:09:46 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 14:09:46 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 14:29:02 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 14:29:02 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:23:55 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 11.07.2010 15:24:41 | Computer Name = *** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\Nero\Nero 9\nero recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. 
Error - 11.07.2010 15:25:10 | Computer Name = *** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\***\downloads\SoftonicDownloader26910.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. [ System Events ] Error - 10.07.2010 05:24:42 | Computer Name = *** | Source = bowser | ID = 8003 Description = Error - 10.07.2010 12:08:12 | Computer Name = *** | Source = bowser | ID = 8003 Description = Error - 10.07.2010 12:12:12 | Computer Name = *** | Source = bowser | ID = 8003 Description = Error - 10.07.2010 12:20:13 | Computer Name = *** | Source = bowser | ID = 8003 Description = Error - 11.07.2010 12:25:54 | Computer Name = *** | Source = bowser | ID = 8003 Description = Error - 12.07.2010 04:20:31 | Computer Name = *** | Source = bowser | ID = 8003 Description = Error - 12.07.2010 06:57:02 | Computer Name = *** | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 5.68.81.37 registriert werden. Der Computer mit IP-Adresse 5.78.153.120 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 12.07.2010 08:57:19 | Computer Name = *** | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 5.68.81.37 registriert werden. Der Computer mit IP-Adresse 5.78.153.120 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 12.07.2010 11:12:38 | Computer Name = *** | Source = bowser | ID = 8003 Description = Error - 12.07.2010 14:56:29 | Computer Name = *** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?12.?07.?2010 um 20:55:15 unerwartet heruntergefahren. < End of report > |
12.07.2010, 22:12 | #9 |
| Trojan Found :S OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.07.2010 20:59:10 - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\***\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 67,29 Gb Free Space | 68,98% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 286,37 Gb Free Space | 61,48% Space Free | Partition Type: NTFS Drive E: | 200,43 Gb Total Space | 200,34 Gb Free Space | 99,95% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe () PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe () PRC - C:\Program Files (x86)\BisonCam\BisonHK.exe (mychat) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab) DRV:64bit: - (fspad_wlh64) -- C:\Windows\SysNative\drivers\fspad_wlh64.sys (Sentelic Corporation) DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron ) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. 
)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.11 12:09:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.11 12:09:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.07.11 12:09:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.07.04 20:21:17 | 000,000,000 | ---D | M]
[2010.07.04 20:02:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.07.04 20:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.04 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iui49hbf.default\extensions
[2010.07.12 15:34:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.04 20:21:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.07.06 21:24:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.06 21:24:50 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.06 21:24:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.06 21:24:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.06 21:24:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4:64bit: - HKLM..\Run: [BisonHK] C:\Program Files (x86)\BisonCam\BisonHK.exe (mychat)
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05d36698-8797-11df-896f-0090f59c202f}\Shell - "" = AutoRun
O33 - MountPoints2\{05d36698-8797-11df-896f-0090f59c202f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.12 20:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.07.12 20:11:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.12 20:11:12 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.12 20:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.12 20:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.12 19:31:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\tattoo
[2010.07.12 17:04:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.07.11 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\grid
[2010.07.11 20:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fraps
[2010.07.11 18:29:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Adobe
[2010.07.11 18:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.07.11 18:24:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010.07.11 18:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010.07.11 18:23:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.07.11 18:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.07.11 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.07.11 18:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.07.11 18:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010.07.11 12:10:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.07.11 12:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.07.11 12:09:48 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QTCF.dll
[2010.07.11 12:09:48 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.07.11 12:09:48 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010.07.11 12:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative
[2010.07.10 22:55:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.07.10 21:17:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rockstar Games
[2010.07.10 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.07.10 21:06:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.07.10 21:05:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Rockstar Games
[2010.07.10 21:05:32 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\SecuROM
[2010.07.10 21:04:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.07.10 21:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.07.10 20:57:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2010.07.10 20:54:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TechSmith
[2010.07.10 20:54:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Camtasia Studio
[2010.07.10 20:54:09 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010.07.10 20:53:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Flash
[2010.07.10 20:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.07.10 20:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.07.10 20:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010.07.10 20:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010.07.08 20:20:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games
[2010.07.08 20:20:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2010.07.08 20:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010.07.08 20:20:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010.07.08 20:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.07.08 20:19:05 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.07.08 20:19:05 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.07.08 20:19:05 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.07.08 20:19:05 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.07.08 20:19:02 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.07.08 20:19:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.07.06 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010.07.06 16:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.07.05 20:53:53 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.07.05 20:53:53 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.07.05 20:53:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.07.05 20:53:53 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.07.05 20:53:52 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.07.05 20:53:52 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.07.05 20:53:51 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.07.05 20:53:51 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.07.05 20:53:51 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.07.05 20:53:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.07.05 20:53:51 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.07.05 20:53:51 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.07.05 20:53:50 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.07.05 20:53:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.07.05 20:53:49 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.07.05 20:53:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.07.05 20:53:49 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.07.05 20:53:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.07.05 20:53:49 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.07.05 20:53:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.07.05 20:53:48 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.07.05 20:53:48 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.07.05 20:53:48 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.07.05 20:53:48 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.07.05 20:53:47 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.07.05 20:53:47 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.07.05 20:53:47 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.07.05 20:53:47 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.07.05 20:53:46 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.07.05 20:53:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.07.05 20:53:46 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.07.05 20:53:46 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.07.05 20:53:45 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.07.05 20:53:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.07.05 20:53:45 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.07.05 20:53:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.07.05 20:53:45 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.07.05 20:53:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.07.05 20:53:44 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.07.05 20:53:44 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.07.05 20:53:44 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.07.05 20:53:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.07.05 20:53:43 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.07.05 20:53:43 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.07.05 20:53:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.07.05 20:53:43 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.07.05 20:53:43 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.07.05 20:53:43 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.07.05 20:53:41 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.07.05 20:53:41 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.07.05 20:53:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.07.05 20:53:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.07.05 20:53:41 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.07.05 20:53:41 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.07.05 20:53:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.07.05 20:53:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.07.05 20:53:40 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.07.05 20:53:40 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.07.05 20:53:40 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.07.05 20:53:40 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.07.05 20:53:40 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.07.05 20:53:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.07.05 20:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010.07.05 20:07:54 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Codemasters
[2010.07.05 20:02:46 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.07.05 20:02:46 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.07.05 20:02:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.07.05 20:02:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.07.05 20:02:45 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.07.05 20:02:45 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.07.05 20:02:45 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.07.05 20:02:45 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.07.05 20:02:45 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.07.05 20:02:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.07.05 20:02:44 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.07.05 20:02:44 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.07.05 20:02:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.07.05 20:02:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.07.05 20:02:44 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.07.05 20:02:44 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.07.05 20:02:43 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.07.05 20:02:43 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.07.05 20:02:43 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.07.05 20:02:43 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.07.05 20:02:43 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.07.05 20:02:43 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.07.05 20:02:42 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.07.05 20:02:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.07.05 20:02:42 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.07.05 20:02:42 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.07.05 20:02:42 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.07.05 20:02:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.07.05 20:02:41 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.07.05 20:02:41 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.07.05 20:02:41 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.07.05 20:02:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.07.05 20:02:41 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.07.05 20:02:41 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.07.05 20:02:41 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.07.05 20:02:41 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.07.05 20:02:40 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.07.05 20:02:40 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.07.04 23:25:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero
[2010.07.04 23:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.07.04 23:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.07.04 23:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010.07.04 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ScummVM
[2010.07.04 23:01:26 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.07.04 23:01:26 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.07.04 23:01:26 | 000,121,880 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.07.04 23:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.07.04 23:01:25 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.07.04 23:01:24 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.07.04 23:01:24 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.07.04 23:01:23 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.07.04 23:01:23 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.07.04 23:01:23 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.07.04 23:01:23 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.07.04 23:01:23 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.07.04 23:01:23 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.07.04 23:01:22 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.07.04 23:01:22 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.07.04 23:01:21 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.07.04 23:01:21 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.07.04 23:01:21 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.07.04 23:01:21 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.07.04 23:01:14 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.07.04 23:01:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.07.04 23:01:13 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.07.04 23:01:13 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.07.04 23:01:13 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.07.04 23:01:13 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.07.04 23:01:13 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.07.04 23:01:13 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.07.04 23:01:12 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.07.04 23:01:12 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.07.04 23:01:11 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.07.04 23:01:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.07.04 23:01:11 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.07.04 23:01:11 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.07.04 23:01:10 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.07.04 23:01:10 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.07.04 23:01:09 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.07.04 23:01:09 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.07.04 23:01:07 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.07.04 23:01:07 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.07.04 23:01:02 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010.07.04 23:01:02 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010.07.04 23:00:59 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.07.04 23:00:59 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.07.04 23:00:59 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.07.04 23:00:59 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.07.04 23:00:57 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.07.04 23:00:57 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.07.04 23:00:57 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.07.04 23:00:57 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.07.04 23:00:56 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.07.04 23:00:56 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.07.04 23:00:55 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.07.04 23:00:55 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.07.04 23:00:53 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.07.04 23:00:53 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.07.04 23:00:51 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.07.04 23:00:51 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.07.04 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2010.07.04 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.07.04 20:23:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.07.04 20:23:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2010.07.04 20:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.07.04 20:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.04 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.07.04 20:20:54 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.07.04 20:17:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Subversion
[2010.07.04 20:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.07.04 20:02:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.07.04 20:02:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2010.07.04 20:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.07.04 20:01:39 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.07.04 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TSVNCache
[2010.07.04 19:58:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Xbox 360 Accessories
[2010.07.04 19:57:12 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseSVN
[2010.07.04 19:57:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays
[2010.07.04 19:51:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Tunngle
[2010.07.04 19:51:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Tunngle
[2010.07.04 19:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2010.07.04 19:51:21 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2010.07.04 19:51:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2010.07.04 19:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2010.07.04 19:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.07.04 19:43:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn Hamachi
[2010.07.04 19:22:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.07.04 19:22:37 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.07.04 19:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010.07.04 19:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010.07.04 19:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.07.04 19:19:11 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.07.04 19:19:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.07.04 19:19:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.07.04 19:19:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.07.04 19:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.07.04 19:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QIP
[2010.07.04 19:16:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.07.04 19:16:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2010.07.04 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2010.07.04 19:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.07.04 19:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.07.04 19:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2010.07.04 19:13:48 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.07.04 19:10:41 | 000,060,416 | ---- | C] (ITE Tech. Inc. ) -- C:\Windows\SysNative\drivers\itecir.sys
[2010.07.04 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ITE
[2010.07.04 19:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BisonCam
[2010.07.04 19:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.07.04 19:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotkey
[2010.07.04 19:04:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FSP
[2010.07.04 19:02:49 | 000,000,000 | ---D | C] -- C:\Programme\FSP
[2010.07.04 19:02:43 | 000,057,344 | ---- | C] (Sentelic Corporation) -- C:\Windows\SysNative\fspadco.dll
[2010.07.04 19:02:42 | 000,052,736 | ---- | C] (Sentelic Corporation) -- C:\Windows\SysNative\drivers\fspad_wlh64.sys
[2010.07.04 19:01:50 | 000,140,712 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysNative\drivers\jmcr.sys
[2010.07.04 19:01:50 | 000,110,080 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysNative\jmcricon.dll
[2010.07.04 19:01:48 | 000,109,568 | R--- | C] (JMicron Technology Corporation) -- C:\Windows\SysWow64\JmCrIcon.dll
[2010.07.04 19:01:46 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR
[2010.07.04 19:01:13 | 000,020,392 | ---- | C] (JMicron ) -- C:\Windows\SysNative\drivers\johci.sys
[2010.07.04 19:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JMicron
[2010.07.04 18:58:21 | 000,346,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010.07.04 18:58:21 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010.07.04 18:55:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.07.04 18:55:47 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.07.04 18:55:32 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010.07.04 18:55:32 | 001,943,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010.07.04 18:55:32 | 001,660,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010.07.04 18:55:32 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010.07.04 18:55:32 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.07.04 18:55:32 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.07.04 18:55:32 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010.07.04 18:55:32 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010.07.04 18:55:32 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010.07.04 18:55:32 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.07.04 18:55:32 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.07.04 18:55:32 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.07.04 18:55:32 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010.07.04 18:55:32 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.07.04 18:55:32 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.07.04 18:55:32 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010.07.04 18:55:32 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010.07.04 18:55:32 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010.07.04 18:55:32 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010.07.04 18:55:31 | 002,197,264 | ---- | C] (Waves Audio Ltd.)
-- C:\Windows\SysNative\MaxxAudioEQ.dll [2010.07.04 18:55:31 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2010.07.04 18:55:31 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2010.07.04 18:55:31 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2010.07.04 18:55:31 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2010.07.04 18:55:31 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2010.07.04 18:55:31 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2010.07.04 18:55:31 | 000,331,168 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2010.07.04 18:55:31 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2010.07.04 18:55:31 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2010.07.04 18:55:31 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2010.07.04 18:55:31 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2010.07.04 18:55:31 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2010.07.04 18:55:31 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2010.07.04 18:55:31 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2010.07.04 18:55:31 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2010.07.04 18:55:31 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2010.07.04 18:55:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010.07.04 18:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010.07.04 18:55:28 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\RtlExUpd.dll [2010.07.04 18:55:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010.07.04 18:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.07.04 18:51:18 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2010.07.04 18:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2010.07.04 18:51:07 | 000,000,000 | ---D | C] -- C:\Intel [2010.07.04 18:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.07.04 18:46:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.07.04 18:46:20 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.07.04 18:41:37 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2010.07.04 18:41:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2010.07.04 18:41:23 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2010.07.04 18:41:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder 
[2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2010.07.04 18:41:03 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2010.07.04 18:41:02 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2010.07.04 18:41:02 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2010.07.04 18:41:02 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2010.07.04 18:41:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2010.07.04 18:41:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2010.07.04 18:41:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2010.07.04 18:39:17 | 000,000,000 | -HSD | C] -- C:\Recovery [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\Programme [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene 
Musik [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.07.04 18:39:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.07.04 18:26:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.07.04 18:24:25 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010.07.04 18:23:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.06.27 13:17:01 | 006,020,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2010.06.27 13:17:01 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010.06.27 13:17:01 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010.06.27 13:17:00 | 020,469,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2010.06.27 13:17:00 | 004,321,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2010.06.27 13:16:59 | 014,924,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.06.27 13:16:59 | 004,645,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll [2010.06.27 13:16:59 | 004,338,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll [2010.06.27 13:16:59 | 000,386,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2010.06.27 13:16:59 | 000,318,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2010.06.27 13:16:58 | 011,862,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2010.06.27 13:16:58 | 009,389,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2010.06.27 13:16:58 | 005,416,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2010.06.27 13:16:58 | 004,325,992 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvcuvenc.dll [2010.06.27 13:16:58 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.06.27 13:16:58 | 004,061,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.06.27 13:16:58 | 002,332,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2010.06.27 13:16:58 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.06.27 13:16:57 | 011,639,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.06.27 13:16:56 | 016,051,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2010.06.27 13:16:56 | 001,582,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2010.06.27 13:16:56 | 001,283,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2010.06.27 13:16:56 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe [2010.06.27 13:16:56 | 000,202,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod197.dll [2010.06.27 13:16:56 | 000,202,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll [2010.06.27 13:16:56 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2010.06.15 04:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2010.06.15 04:16:22 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.12 20:56:34 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.12 20:56:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.12 20:56:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.12 20:56:24 | 3212,230,656 | -HS- | M] () -- C:\hiberfil.sys [2010.07.12 20:55:38 | 001,572,864 | -HS- | M] () -- 
C:\Users\***\NTUSER.DAT [2010.07.12 20:55:32 | 002,562,199 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.12 20:27:54 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.12 20:27:54 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.12 20:27:54 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.12 20:27:54 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.12 20:27:54 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.12 20:20:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.12 20:11:16 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.12 09:55:44 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 09:55:44 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 08:29:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2010.07.11 20:09:31 | 000,000,967 | ---- | M] () -- C:\Users\***\Desktop\Fraps.lnk [2010.07.11 19:59:37 | 002,892,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.07.11 19:23:07 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.11 18:29:15 | 000,062,120 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.10 21:01:31 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000E3E.LCS [2010.07.07 18:16:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.07.05 20:54:32 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.07.05 20:54:22 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.07.05 20:54:22 | 000,075,064 | ---- | M] () -- 
C:\Windows\SysWow64\PnkBstrA.exe [2010.07.05 20:02:48 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2010.07.05 20:02:48 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2010.07.05 20:02:48 | 000,121,880 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2010.07.05 20:02:48 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2010.07.04 23:47:19 | 000,000,757 | ---- | M] () -- C:\Users\***\Desktop\Black Mirror 2.lnk [2010.07.04 22:42:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.07.04 20:51:05 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2010.07.04 20:51:05 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2010.07.04 20:20:54 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2010.07.04 20:06:33 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.07.04 19:58:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01001.Wdf [2010.07.04 19:22:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010.07.04 19:19:34 | 000,000,490 | ---- | M] () -- C:\Users\***\Desktop\Worksheet II (E).lnk [2010.07.04 19:19:33 | 000,000,483 | ---- | M] () -- C:\Users\***\Desktop\Worksheet (D).lnk [2010.07.04 19:19:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2010.07.04 19:19:06 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.07.04 19:19:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.07.04 19:19:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2010.07.04 19:16:15 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010.07.04 19:14:57 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.07.04 19:05:19 | 000,000,865 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2010.07.04 19:02:01 | 000,000,131 | ---- | M] () -- C:\Windows\xUninstall.bat [2010.07.04 19:02:01 | 000,000,032 | ---- | M] () -- C:\Windows\Setuplog.ini [2010.07.04 18:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.07.04 18:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.07.04 18:47:16 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.07.04 18:45:14 | 000,000,702 | ---- | M] () -- C:\Users\***\Desktop\Eigene Dateien.lnk [2010.07.04 18:41:03 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini [2010.07.04 18:27:35 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.07.04 18:27:35 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.06.15 04:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2010.06.15 04:16:22 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.12 20:11:16 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.11 20:09:31 | 000,000,967 | ---- | C] () -- C:\Users\***\Desktop\Fraps.lnk [2010.07.10 20:57:16 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000E3E.LCS [2010.07.10 20:55:33 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.07 
18:16:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.07.05 20:54:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.07.05 20:54:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.07.05 20:54:22 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.04 23:47:19 | 000,000,757 | ---- | C] () -- C:\Users\***\Desktop\Black Mirror 2.lnk [2010.07.04 22:42:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.07.04 20:21:39 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2010.07.04 20:21:38 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2010.07.04 20:06:33 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.07.04 19:58:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01001.Wdf [2010.07.04 19:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2010.07.04 19:22:39 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010.07.04 19:22:37 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010.07.04 19:22:20 | 000,171,136 | RHS- | C] () -- C:\grldr [2010.07.04 19:19:34 | 000,000,490 | ---- | C] () -- C:\Users\***\Desktop\Worksheet II (E).lnk [2010.07.04 19:19:32 | 000,000,483 | ---- | C] () -- C:\Users\***\Desktop\Worksheet (D).lnk [2010.07.04 19:16:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.07.04 19:15:11 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.04 19:15:10 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.04 19:14:57 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.07.04 19:09:29 | 000,000,102 | R--- | C] () -- C:\Windows\OEM.ini [2010.07.04 19:05:19 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2010.07.04 
19:02:01 | 000,000,131 | ---- | C] () -- C:\Windows\xUninstall.bat [2010.07.04 19:01:35 | 000,000,032 | ---- | C] () -- C:\Windows\Setuplog.ini [2010.07.04 18:58:21 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2010.07.04 18:45:14 | 000,000,702 | ---- | C] () -- C:\Users\***\Desktop\Eigene Dateien.lnk [2010.07.04 18:41:03 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini [2010.07.04 18:41:02 | 001,572,864 | -HS- | C] () -- C:\Users\***\NTUSER.DAT [2010.07.04 18:41:02 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.07.04 18:41:02 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.07.04 18:41:02 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1 [2010.07.04 18:41:02 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.07.04 18:41:02 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2 [2010.07.04 18:23:31 | 3212,230,656 | -HS- | C] () -- C:\hiberfil.sys [2010.06.27 13:16:59 | 000,009,161 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll 
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll < End of report > Geändert von BlackPearl (12.07.2010 um 22:19 Uhr) Grund: Schreibfehler in Überschrift |
12.07.2010, 22:13 | #10 |
| Trojan found :S
Sorry for the spam, but somehow there was no other way :S

Edit: Malwarebytes found 3 infected files on the first run and then deleted them. Unfortunately I don't know which files they were because the log file wasn't saved. I have now run the scan twice.

Edit 2: I found the log file! omg, somehow everything is acting up today -.-"

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4305
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.07.2010 20:55:17
mbam-log-2010-07-12 (20-55-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 345578
Laufzeit: 35 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5NQGU7T\n00a102318r0007J10000601R43329fdcW9ff727c8X7b12424bY37288e62Z03006f360[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\xDhY.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by BlackPearl (12.07.2010 at 22:36) |
13.07.2010, 08:35 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found :S
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05d36698-8797-11df-896f-0090f59c202f}\Shell - "" = AutoRun
O33 - MountPoints2\{05d36698-8797-11df-896f-0090f59c202f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
13.07.2010, 15:51 | #12 |
| Trojan found :S
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05d36698-8797-11df-896f-0090f59c202f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05d36698-8797-11df-896f-0090f59c202f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05d36698-8797-11df-896f-0090f59c202f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05d36698-8797-11df-896f-0090f59c202f}\ not found.
File G:\autorun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 2190668610 bytes
->Temporary Internet Files folder emptied: 2750001 bytes
->Java cache emptied: 10680337 bytes
->FireFox cache emptied: 85473285 bytes
->Flash cache emptied: 10524 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3221600 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4153826 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1383403 bytes

Total Files Cleaned = 2.192,00 mb

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_164133

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot... |
13.07.2010, 15:58 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found :S
Since you are using a 64-bit Windows, we have already reached the end of our "standard tools", because many of them are not compatible with 64-bit Windows. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
13.07.2010, 16:07 | #14 |
| Trojan found :S
Okay ^^, how does it look at the moment? Good or bad? :S

Edit: Should I only do the full scan from SUPERAntiSpyware, or follow the guide completely? |
13.07.2010, 17:50 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found :S
According to the guide, you do a full scan!