Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verdacht auf Trojaner oder Keylogger

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.06.2011, 21:10   #1
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Ausrufezeichen

Verdacht auf Trojaner oder Keylogger



Hallo, ich bitte um eure Hilfe. Als ich mich vor 3 Tagen in mein Facebook Account eingeloggt habe stand dort das von einem anderen Ort auf mein Account zugegriffen wurde. Daraufhin habe ich mein Passwort geändert und dachte mir auch nichts dabei. Doch heute wollte ich mich bei google anmelden um meine mails abzurufen und das Passwort war Falsch. Jetzt wollte ich es zurücksetzten doch ich weiß die Sicherheitsfrage nicht mehr weil der Account auch schon ziemlich alt ist. Jetzt schickt mir google warscheinlich mein Passwort an meine andere E-mail. Ich untersuche meinen Computer gerade auf Viren mit Kaspersky 2012, doch das Programm hat noch nichts gefunden. Bitte um schnelle Antworten was ich machen kann! Liebe Grüsse

Alt 19.06.2011, 16:18   #2
markusg
/// Malware-holic
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



hi
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________

__________________

Alt 19.06.2011, 18:59   #3
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 19.06.2011 19:39:44 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Dennis\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,88% Memory free
7,99 Gb Paging File | 6,67 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,47 Gb Total Space | 181,86 Gb Free Space | 73,49% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 25,30 Gb Free Space | 99,65% Space Free | Partition Type: NTFS
Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GAMING-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Server
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR arkivering
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{3A03D3D2-46C7-49ED-B60B-B91B1F5E71D3}_is1" = Game Prelauncher version 3.1.2
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{48418FBF-A20E-4BF2-90DA-561C2ECB721A}_is1" = Window Renamer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8E2FCC0-C524-4546-8859-A7F5D2BE6E5E}" = FBP - Facebook Blaster Pro
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E635F595-7D51-459D-9E2B-827F234F9D4E}" = FriendAdderElite
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Alice: Madness Returns_is1" = Alice: Madness Returns
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.7
"AnyTV Pro_is1" = AnyTV Pro 5.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CursorFX" = CursorFX
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"facemoods" = Facemoods Toolbar
"Game Booster 3_is1" = Game Booster
"Garena" = Garena 2010
"Hide IP Platinum_is1" = Hide IP Platinum 3.42
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PPLive" = PPLive 1.9
"Premium Link Generator 1.00" = Premium Link Generator 1.00
"RocketDock_is1" = RocketDock 1.3.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.3.2
"Steam App 13140" = America's Army 3
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"TVAnts 1.0" = TVAnts 1.0
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FlyFFAutomaton" = FlyFF Automaton (v1.00)
"Google Chrome" = Google Chrome
"Megakey" = Megakey
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2011 15:06:45 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BFP4f.exe, version: 0.0.0.0, time stamp:
 0x4dc405a3  Faulting module name: BFP4f.exe, version: 0.0.0.0, time stamp: 0x4dc405a3
Exception
 code: 0xc0000005  Fault offset: 0x00327964  Faulting process id: 0xd74  Faulting application
 start time: 0x01cc0f44ea688016  Faulting application path: C:\Program Files (x86)\EA
 Games\Battlefield Play4Free\BFP4f.exe  Faulting module path: C:\Program Files (x86)\EA
 Games\Battlefield Play4Free\BFP4f.exe  Report Id: a53e1f07-7b38-11e0-8cd3-001f16187740
 
Error - 12.05.2011 08:05:09 | Computer Name = Gaming-PC | Source = Application Hang | ID = 1002
Description = The program Neuz.exe version 3.8.22.1 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 404    Start Time:
 01cc109ccb842810    Termination Time: 13    Application Path: C:\Program Files\gPotato.eu\FlyFF\Neuz.exe

Report
 Id: 132c1a32-7c90-11e0-9212-001f16187740  
 
Error - 12.05.2011 13:15:04 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.250.6, time stamp:
 0x4da6bb44  Faulting module name: java.dll, version: 6.0.250.6, time stamp: 0x4da6f198
Exception
 code: 0xc0000005  Fault offset: 0x00004e2f  Faulting process id: 0xcfc  Faulting application
 start time: 0x01cc10c820f9f2ac  Faulting application path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Faulting
 module path: C:\Program Files (x86)\Java\jre6\bin\java.dll  Report Id: 603d86db-7cbb-11e0-9212-001f16187740
 
Error - 13.05.2011 10:03:16 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 11.0.2.571, time stamp:
 0x4cd05f34  Faulting module name: Ushata.dll, version: 11.0.2.556, time stamp: 0x4cab5fa3
Exception
 code: 0xc0000005  Fault offset: 0x0000540d  Faulting process id: 0x750  Faulting application
 start time: 0x01cc117098cbfc6e  Faulting application path: C:\Program Files (x86)\Kaspersky
 Lab\Kaspersky Internet Security 2011\avp.exe  Faulting module path: C:\Program Files
 (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\Ushata.dll  Report Id: beffe97b-7d69-11e0-9613-001f16187740
 
Error - 13.05.2011 10:47:57 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Kuma
 Games\MFC80.DLL".  Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 13.05.2011 10:47:57 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Kuma
 Games\MFC80.DLL".  Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 13.05.2011 16:30:04 | Computer Name = Gaming-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\AVSMedia\ActiveX\AVSShellConverter64.dll".  Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 13.05.2011 16:45:30 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AVSVideoConverter.exe, version: 7.1.2.480,
 time stamp: 0x00000000  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x137520d7  Faulting process id:
 0xfd4  Faulting application start time: 0x01cc11ae4aab1784  Faulting application path:
 C:\program files (x86)\avs4you\avsvideoconverter\AVSVideoConverter.exe  Faulting 
module path: unknown  Report Id: f00dd41f-7da1-11e0-b055-001f16187740
 
Error - 13.05.2011 16:46:51 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 14.05.2011 10:30:26 | Computer Name = Gaming-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'systemapp.exe' could not be shut down.
 
[ System Events ]
Error - 31.05.2011 10:19:10 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 31.05.2011 11:22:10 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The Avira AntiVir WebGuard service depends on the Avira AntiVir Guard
 service which failed to start because of the following error:   %%0
 
Error - 31.05.2011 11:22:10 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The Avira AntiVir MailGuard service depends on the Avira AntiVir Guard
 service which failed to start because of the following error:   %%1062
 
Error - 31.05.2011 12:21:25 | Computer Name = Gaming-PC | Source = bowser | ID = 8003
Description = 
 
Error - 31.05.2011 14:12:23 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 31.05.2011 14:12:22 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 31.05.2011 14:12:22 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 31.05.2011 14:12:25 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 31.05.2011 14:23:18 | Computer Name = Gaming-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 01.06.2011 07:37:17 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
 
< End of report >
         
__________________

Alt 19.06.2011, 19:00   #4
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



OTL.txt
Code:
ATTFilter
OTL logfile created on: 19.06.2011 19:39:44 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Dennis\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,88% Memory free
7,99 Gb Paging File | 6,67 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,47 Gb Total Space | 181,86 Gb Free Space | 73,49% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 25,30 Gb Free Space | 99,65% Space Free | Partition Type: NTFS
Drive G: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GAMING-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dennis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe (Megamedia Ltd.)
PRC - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (Megamedia Ltd.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dennis\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Stardock\CursorFX\CurXP0.dll ( )
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV:64bit: - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e877e12.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (GatewayAgentService) -- C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe (O&O Software GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MonitorFunction) -- C:\Windows\SysNative\drivers\TVMonitor.sys (TeamViewer GmbH)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.129.152.98:34463
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 188.129.152.98:34463
 
 
 
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 6E 10 F3 CF 05 CC 01  [binary data]
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.ftp: "188.129.152.98"
FF - prefs.js..network.proxy.ftp_port: 34463
FF - prefs.js..network.proxy.http: "188.129.152.98"
FF - prefs.js..network.proxy.http_port: 34463
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "188.129.152.98"
FF - prefs.js..network.proxy.socks_port: 34463
FF - prefs.js..network.proxy.ssl: "188.129.152.98"
FF - prefs.js..network.proxy.ssl_port: 34463
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.02 20:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 20:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.06.07 15:53:17 | 000,000,000 | ---D | M]
 
[2011.05.14 16:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\i2z78o5v.default\extensions
[2011.05.14 17:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.03 17:24:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.02 18:34:30 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011.05.03 13:43:04 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.05.03 13:43:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.05.12 17:02:16 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2011.06.02 19:39:21 | 000,000,533 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll (Megamedia Ltd.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (MegaIeHelperBHO Class) - {77F4E711-789B-447F-9614-96759B2F83C6} - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll (Megamedia Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [CursorFX] C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [Megakey] C:\Users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe (Megamedia Ltd.)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [MegakeyUpdater] C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (Megamedia Ltd.)
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-21-1410892137-877069167-2350996814-1003..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Capture Web Page - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8:64bit: - Extra context menu item: Fetch to Megaupload - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Capture Web Page - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm ()
O8 - Extra context menu item: Fetch to Megaupload - C:\Users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Megamedia\Megakey\msadm.dll (Megamedia Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-1410892137-877069167-2350996814-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.15 22:04:08 | 000,000,100 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{912b96f0-723c-11e0-aae6-001f16187740}\Shell - "" = AutoRun
O33 - MountPoints2\{912b96f0-723c-11e0-aae6-001f16187740}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2011.06.15 22:04:08 | 000,699,990 | R--- | M] (EA Games                                                    )
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^leftsider64.exe -  - File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: MSASCui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: XeroxEndeavorBackgroundTask - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TabletInputService - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TabletInputService - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TabletInputService - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TabletInputService - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.18 21:26:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
[2011.06.18 21:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011.06.18 18:16:33 | 000,000,000 | ---D | C] -- C:\Update
[2011.06.18 18:16:16 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Megamedia
[2011.06.18 18:16:14 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Megakey
[2011.06.18 18:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Megamedia
[2011.06.18 18:16:03 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Megamedia
[2011.06.18 11:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.06.17 13:45:21 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\NVIDIA
[2011.06.17 13:45:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\My Games
[2011.06.17 13:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.06.17 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011.06.16 18:14:36 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.06.16 16:39:35 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr.dll
[2011.06.15 19:07:53 | 001,426,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco642040.dll
[2011.06.15 19:07:53 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011.06.15 19:07:53 | 000,070,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll
[2011.06.15 19:07:53 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011.06.15 19:07:50 | 022,286,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.06.15 19:07:50 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.06.15 19:07:50 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.06.15 19:07:50 | 015,223,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.06.15 19:07:50 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.06.15 19:07:50 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.06.15 19:07:50 | 008,863,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.06.15 19:07:50 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.06.15 19:07:50 | 006,555,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.06.15 19:07:50 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.06.15 19:07:50 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.06.15 19:07:50 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.06.15 19:07:50 | 002,644,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.06.15 19:07:50 | 002,335,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.06.15 19:07:50 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.06.15 19:07:50 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.06.15 19:07:50 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2011.06.15 19:07:50 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2011.06.15 19:07:50 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.06.15 19:07:50 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.06.15 19:07:50 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.06.15 19:06:55 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.06.15 18:53:28 | 001,619,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420140.dll
[2011.06.15 18:53:28 | 001,404,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642060.dll
[2011.06.15 16:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Prelauncher
[2011.06.15 16:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Prelauncher
[2011.06.15 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2011.06.15 16:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011.06.14 14:34:39 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\socket.ocx
[2011.06.13 03:58:54 | 000,000,000 | ---D | C] -- C:\Windows\vf_hip
[2011.06.13 03:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide IP Platinum
[2011.06.13 03:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hide IP Platinum
[2011.06.12 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Solo-Dev
[2011.06.11 22:27:53 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Duke Nukem Forever
[2011.06.11 22:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011.06.11 22:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duke Nukem Forever
[2011.06.11 15:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.06.11 15:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.06.11 11:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premium Link Generator
[2011.06.10 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\VirtualStore
[2011.06.09 17:37:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2011.06.09 17:25:01 | 000,016,376 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\TVMonitor.sys
[2011.06.09 17:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.06.09 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\O&O
[2011.06.09 16:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2011.06.09 16:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OO Software
[2011.06.09 16:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2011.06.09 16:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2011.06.09 16:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Downloaded Installations
[2011.06.08 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Tunngle
[2011.06.08 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Tunngle
[2011.06.08 20:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011.06.08 20:28:05 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2011.06.08 14:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011.06.07 15:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.06.07 15:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.06.07 15:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.06.07 15:52:44 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.06.05 14:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Window Renamer
[2011.06.05 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Window Renamer
[2011.06.03 19:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011.06.03 16:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2011.06.02 20:45:36 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\DDMSettings
[2011.06.02 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\DivX
[2011.06.02 20:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.06.02 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.06.02 20:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.06.02 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011.06.02 20:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011.06.02 20:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.06.02 20:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoshopPortable
[2011.06.02 19:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.06.02 19:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.06.02 18:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBP - Facebook Blaster Pro
[2011.06.02 18:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FBP - Facebook Blaster Pro
[2011.06.02 18:25:41 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Creative Suite 5.5 Design Premium
[2011.06.02 18:23:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.06.02 18:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.05.31 17:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.30 14:36:56 | 000,000,000 | ---D | C] -- C:\Users\Dennis\fontconfig
[2011.05.30 12:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.A.D
[2011.05.30 12:08:40 | 000,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2011.05.30 12:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\S.A.D
[2011.05.29 21:25:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.05.29 21:23:39 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2011.05.29 20:23:31 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CrashRpt
[2011.05.29 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\AOL
[2011.05.29 18:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011.05.29 18:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011.05.29 16:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011.05.29 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\uTorrent
[2011.05.29 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\uTorrent
[2011.05.29 13:32:56 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Games
[2011.05.27 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garena
[2011.05.27 16:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2011.05.27 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena
[2011.05.24 18:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2011.05.24 18:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011.05.24 15:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\vlc
[2011.05.24 15:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.05.24 15:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.05.22 19:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.05.22 19:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.05.21 16:11:30 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Electronic Arts
[2011.05.21 16:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.05.21 16:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.05.21 16:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.19 19:41:41 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.19 19:41:41 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.19 19:39:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001UA.job
[2011.06.19 19:34:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.19 19:34:17 | 000,051,040 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.06.17 20:02:32 | 000,000,221 | ---- | M] () -- C:\Users\Dennis\Desktop\America's Army 3.url
[2011.06.17 13:39:03 | 000,002,594 | ---- | M] () -- C:\Users\Public\Desktop\Alice Madness Returns.lnk
[2011.06.16 18:15:17 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2011.06.16 15:58:30 | 000,000,000 | ---- | M] () -- C:\Report
[2011.06.16 14:39:03 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001Core.job
[2011.06.16 12:41:46 | 000,036,892 | ---- | M] () -- C:\Windows\SysWow64\bassmod.dll
[2011.06.16 11:41:30 | 000,002,143 | ---- | M] () -- C:\Users\Dennis\Desktop\all good (GP).lnk
[2011.06.15 18:59:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.15 17:49:43 | 000,001,972 | ---- | M] () -- C:\Users\Dennis\Desktop\Nemo-Crack.ru.lnk
[2011.06.15 16:55:19 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode 3.lnk
[2011.06.15 16:55:19 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011.06.13 04:26:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.13 03:59:03 | 000,000,032 | ---- | M] () -- C:\Windows\go
[2011.06.13 03:58:54 | 000,001,092 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP Platinum.lnk
[2011.06.13 03:58:54 | 000,001,068 | ---- | M] () -- C:\Users\Dennis\Desktop\Hide IP Platinum.lnk
[2011.06.11 11:25:04 | 000,001,996 | ---- | M] () -- C:\Users\Dennis\Desktop\Premium Link Generator.lnk
[2011.06.09 20:09:32 | 004,877,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.09 19:09:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.06.07 16:01:05 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.06.07 15:54:56 | 000,017,408 | ---- | M] () -- C:\Users\Dennis\AppData\Local\WebpageIcons.db
[2011.06.07 15:53:54 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.06.07 15:52:44 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.06.05 12:41:48 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.05 12:41:48 | 000,623,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.05 12:41:48 | 000,109,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.30 14:36:40 | 000,000,237 | ---- | M] () -- C:\Users\Dennis\.swfinfo
[2011.05.30 10:41:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.05.30 10:41:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.30 10:32:16 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.05.29 18:36:05 | 000,000,360 | -H-- | M] () -- C:\IPH.PH
[2011.05.29 16:08:12 | 000,000,967 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011.05.28 19:17:15 | 000,001,556 | ---- | M] () -- C:\Users\Dennis\PDF.lnk
[2011.05.28 12:55:45 | 000,001,709 | ---- | M] () -- C:\Windows\TSearch.INI
[2011.05.27 19:26:29 | 000,045,286 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\room_v3.dat
[2011.05.27 19:11:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.21 08:01:00 | 022,286,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.05.21 08:01:00 | 018,583,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.05.21 08:01:00 | 016,456,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.05.21 08:01:00 | 015,223,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.05.21 08:01:00 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.05.21 08:01:00 | 011,992,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.05.21 08:01:00 | 008,863,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.05.21 08:01:00 | 007,123,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.05.21 08:01:00 | 006,555,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.05.21 08:01:00 | 006,300,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.05.21 08:01:00 | 005,301,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.05.21 08:01:00 | 003,040,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.05.21 08:01:00 | 002,943,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.05.21 08:01:00 | 002,804,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.05.21 08:01:00 | 002,644,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.05.21 08:01:00 | 002,560,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.05.21 08:01:00 | 002,335,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.05.21 08:01:00 | 002,212,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.05.21 08:01:00 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.05.21 08:01:00 | 001,496,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2011.05.21 08:01:00 | 001,427,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2011.05.21 08:01:00 | 000,739,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
[2011.05.21 08:01:00 | 000,326,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhotkey.dll
[2011.05.21 08:01:00 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.05.21 08:01:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.05.21 08:01:00 | 000,061,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.05.21 08:01:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.05.21 08:01:00 | 000,012,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.05.21 08:01:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.05.20 22:35:28 | 000,304,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.17 20:02:32 | 000,000,221 | ---- | C] () -- C:\Users\Dennis\Desktop\America's Army 3.url
[2011.06.17 13:39:03 | 000,002,594 | ---- | C] () -- C:\Users\Public\Desktop\Alice Madness Returns.lnk
[2011.06.16 18:15:17 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2011.06.16 16:39:34 | 000,035,048 | ---- | C] () -- C:\Windows\Startorb image.bmp
[2011.06.16 15:58:30 | 000,000,000 | ---- | C] () -- C:\Report
[2011.06.16 12:41:46 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.06.15 18:59:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.15 17:42:57 | 000,001,972 | ---- | C] () -- C:\Users\Dennis\Desktop\Nemo-Crack.ru.lnk
[2011.06.15 17:11:49 | 000,002,143 | ---- | C] () -- C:\Users\Dennis\Desktop\all good (GP).lnk
[2011.06.15 16:55:19 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode 3.lnk
[2011.06.15 16:55:19 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011.06.13 03:59:03 | 000,000,032 | ---- | C] () -- C:\Windows\go
[2011.06.13 03:58:54 | 000,001,092 | ---- | C] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP Platinum.lnk
[2011.06.13 03:58:54 | 000,001,068 | ---- | C] () -- C:\Users\Dennis\Desktop\Hide IP Platinum.lnk
[2011.06.11 11:24:36 | 000,001,996 | ---- | C] () -- C:\Users\Dennis\Desktop\Premium Link Generator.lnk
[2011.06.09 17:49:45 | 000,051,040 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor
[2011.06.09 17:48:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.06.09 17:25:05 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.06.07 15:54:54 | 000,017,408 | ---- | C] () -- C:\Users\Dennis\AppData\Local\WebpageIcons.db
[2011.06.07 15:53:55 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.06.07 15:53:54 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.05.30 14:36:40 | 000,000,237 | ---- | C] () -- C:\Users\Dennis\.swfinfo
[2011.05.29 18:35:15 | 000,000,360 | -H-- | C] () -- C:\IPH.PH
[2011.05.29 16:08:12 | 000,000,967 | ---- | C] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011.05.28 19:17:15 | 000,001,556 | ---- | C] () -- C:\Users\Dennis\PDF.lnk
[2011.05.28 12:55:45 | 000,001,709 | ---- | C] () -- C:\Windows\TSearch.INI
[2011.05.27 19:26:29 | 000,045,286 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\room_v3.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.14 16:57:02 | 000,125,392 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.05.10 20:30:55 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.10 20:30:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.02 18:34:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.18 15:20:54 | 000,065,536 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\chrtmp
[2011.04.15 18:43:34 | 000,315,682 | ---- | C] () -- C:\Windows\SysWow64\slwc.exe
[2011.04.15 18:41:25 | 000,111,104 | ---- | C] () -- C:\Windows\SysWow64\Uharc.exe
[2011.04.15 18:41:25 | 000,008,636 | ---- | C] () -- C:\Windows\SysWow64\modifype.exe
[2011.04.14 20:21:55 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.05.15 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Any DVD Converter Professional
[2011.06.02 18:23:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.30 15:00:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2011.05.17 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FDRLab
[2011.04.24 21:37:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2011.06.18 18:16:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Megamedia
[2011.05.03 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PPLive
[2011.05.03 18:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\replacer
[2011.04.16 16:02:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.06.09 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Tunngle
[2011.06.16 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\uTorrent
[2011.05.07 16:24:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ViGlance
[2011.06.10 16:27:37 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.02 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2011.05.15 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Any DVD Converter Professional
[2011.05.14 16:56:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer
[2011.05.14 11:21:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVS4YOU
[2011.06.02 18:23:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.30 15:00:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2011.06.02 20:43:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX
[2011.05.17 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FDRLab
[2011.04.14 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities
[2011.04.24 21:37:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2011.04.15 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs
[2011.05.14 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Player Classic
[2011.06.18 18:16:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Megamedia
[2011.06.10 16:28:11 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2011.05.14 17:11:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2011.06.17 13:45:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\NVIDIA
[2011.05.03 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PPLive
[2011.05.03 18:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\replacer
[2011.04.16 16:02:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.06.09 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Tunngle
[2011.06.16 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\uTorrent
[2011.05.07 16:24:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ViGlance
[2011.05.24 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc
[2011.04.14 20:15:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.09 16:10:16 | 000,053,784 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Defender\fdhfdhSCui.exefhgfdh
[2011.05.03 21:11:45 | 009,258,944 | ---- | M] (Synacast Corp.) -- C:\Users\Dennis\AppData\Roaming\PPLive\Update\Update.exe
[2007.06.07 14:52:42 | 000,057,856 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\replacer\moveex.exe
[2007.01.26 21:59:44 | 000,503,296 | ---- | M] (hsiw) -- C:\Users\Dennis\AppData\Roaming\TuneUp Software\TU2011\StartUp Manager\Deaktivierte Objekte\leftsider64.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.10.31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=5AC855BA79745016C16B9CFEAEE24F4F -- C:\Windows\W7SOC\explorer.exe
[2009.10.31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=5DECCD8F824007CE7ED0ADF917F53FC7 -- C:\Windows\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 7 bytes -> C:\Report:kisextended
@Alternate Data Stream - 7 bytes -> C:\Report:kavextended

< End of report >
         

Alt 19.06.2011, 19:07   #5
markusg
/// Malware-holic
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 19.06.2011, 19:32   #6
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



der log:
Code:
ATTFilter
ComboFix 11-06-17.04 - Dennis 19.06.2011  20:21:41.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.4091.2894 [GMT 2:00]
ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\ScanQuery
c:\program files (x86)\ScanQuery\scanquery.dll
c:\users\Dennis\AppData\Roaming\chrtmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-19 bis 2011-06-19  ))))))))))))))))))))))))))))))
.
.
2011-06-19 18:25 . 2011-06-19 18:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-19 18:20 . 2011-06-19 18:20	--------	d-----w-	C:\32788R22FWJFW
2011-06-18 19:26 . 2011-06-18 19:26	--------	dc-h--w-	c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2011-06-18 16:16 . 2011-06-18 16:16	--------	d-----w-	C:\Update
2011-06-18 16:16 . 2011-06-18 16:16	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Megamedia
2011-06-18 16:16 . 2011-06-18 16:16	--------	d-----w-	c:\programdata\Megamedia
2011-06-18 16:16 . 2011-06-18 16:16	--------	d-----w-	c:\users\Dennis\AppData\Local\Megamedia
2011-06-18 09:48 . 2011-06-18 09:48	--------	d-----w-	c:\programdata\EA Core
2011-06-17 11:45 . 2011-06-17 11:45	--------	d-----w-	c:\users\Dennis\AppData\Roaming\NVIDIA
2011-06-17 11:14 . 2011-06-17 11:14	--------	d-----w-	c:\program files (x86)\EA Games
2011-06-16 16:14 . 2011-06-16 16:14	--------	d-----w-	C:\found.000
2011-06-16 14:39 . 2009-07-13 18:41	898560	----a-w-	c:\windows\system32\OobeFldr.dll
2011-06-15 17:10 . 2011-06-15 17:10	--------	d-----w-	c:\users\UpdatusUser
2011-06-15 17:06 . 2011-06-15 17:06	--------	d-----w-	C:\NVIDIA
2011-06-15 16:53 . 2011-04-08 05:14	1619048	----a-w-	c:\windows\system32\nvdispco6420140.dll
2011-06-15 16:53 . 2011-04-08 05:14	1404008	----a-w-	c:\windows\system32\nvgenco642060.dll
2011-06-15 14:57 . 2011-06-15 15:49	--------	d-----w-	c:\program files (x86)\Game Prelauncher
2011-06-15 14:55 . 2011-06-15 14:55	--------	d-----w-	c:\programdata\IObit
2011-06-14 12:34 . 2010-07-25 04:19	108336	----a-w-	c:\windows\SysWow64\socket.ocx
2011-06-13 01:58 . 2011-06-13 02:00	--------	d-----w-	c:\windows\vf_hip
2011-06-13 01:58 . 2011-06-13 01:59	--------	d-----w-	c:\program files (x86)\Hide IP Platinum
2011-06-12 14:17 . 2011-06-12 14:17	--------	d-----w-	c:\users\Dennis\AppData\Local\Solo-Dev
2011-06-11 20:17 . 2011-06-11 20:27	--------	d-----w-	c:\program files (x86)\Duke Nukem Forever
2011-06-11 13:41 . 2011-06-11 13:41	--------	d-----w-	c:\program files\7-Zip
2011-06-11 09:24 . 2011-06-11 09:25	--------	d-----w-	c:\program files (x86)\Premium Link Generator
2011-06-10 14:28 . 2011-06-18 09:48	--------	d-----w-	c:\users\Dennis\AppData\Local\VirtualStore
2011-06-09 15:37 . 2011-06-09 15:37	--------	d-----w-	c:\windows\system32\oodag
2011-06-09 15:25 . 2011-01-12 09:42	16376	----a-w-	c:\windows\system32\drivers\TVMonitor.sys
2011-06-09 15:25 . 2011-06-09 15:25	--------	d-----w-	c:\program files (x86)\TeamViewer
2011-06-09 14:49 . 2011-06-09 14:49	--------	d-----w-	c:\users\Dennis\AppData\Local\O&O
2011-06-09 14:49 . 2011-06-09 14:49	--------	d-----w-	c:\programdata\OO Software
2011-06-09 14:49 . 2011-06-09 14:49	--------	d-----w-	c:\program files (x86)\OO Software
2011-06-09 14:49 . 2011-06-09 14:49	--------	d-----w-	c:\program files\OO Software
2011-06-09 14:49 . 2011-06-09 14:49	--------	d-----w-	c:\users\Dennis\AppData\Local\Downloaded Installations
2011-06-08 18:28 . 2011-06-09 14:11	--------	d-----w-	c:\users\Dennis\AppData\Roaming\Tunngle
2011-06-08 18:28 . 2011-06-08 18:28	--------	d-----w-	c:\programdata\Tunngle
2011-06-08 18:28 . 2009-09-16 05:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2011-06-08 12:02 . 2011-06-08 12:02	--------	d-----w-	c:\windows\SysWow64\Adobe
2011-06-07 13:52 . 2011-06-19 18:15	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-06-07 13:52 . 2011-06-07 13:52	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2011-06-05 12:50 . 2011-06-05 12:50	--------	d-----w-	c:\program files (x86)\Window Renamer
2011-06-03 17:27 . 2011-06-05 09:14	--------	d-----w-	c:\programdata\McAfee
2011-06-03 14:29 . 2011-06-03 14:29	--------	d-----w-	c:\programdata\Xerox
2011-06-02 18:45 . 2011-06-02 18:45	--------	d-----w-	c:\users\Dennis\AppData\Local\DDMSettings
2011-06-02 18:43 . 2011-06-02 18:43	--------	d-----w-	c:\users\Dennis\AppData\Roaming\DivX
2011-06-02 18:42 . 2011-06-02 18:42	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2011-06-02 18:42 . 2011-06-02 18:42	--------	d-----w-	c:\program files\DivX
2011-06-02 18:42 . 2011-06-02 18:42	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2011-06-02 18:41 . 2011-06-02 18:43	--------	d-----w-	c:\program files (x86)\DivX
2011-06-02 18:40 . 2011-06-02 18:43	--------	d-----w-	c:\programdata\DivX
2011-06-02 18:11 . 2011-06-02 18:13	--------	d-----w-	c:\program files\PhotoshopPortable
2011-06-02 17:31 . 2011-06-02 17:31	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2011-06-02 17:00 . 2011-06-02 18:18	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2011-06-02 16:49 . 2011-06-02 16:51	--------	d-----w-	c:\program files (x86)\FBP - Facebook Blaster Pro
2011-06-02 16:25 . 2011-06-02 16:28	--------	d-----w-	c:\users\Dennis\Creative Suite 5.5 Design Premium
2011-06-02 16:23 . 2011-06-02 16:23	--------	d-----w-	c:\users\Dennis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-31 15:21 . 2011-05-31 15:53	--------	d-----w-	c:\programdata\Avira
2011-05-30 12:36 . 2011-05-30 12:36	--------	d-----w-	c:\users\Dennis\fontconfig
2011-05-30 10:08 . 2010-02-25 14:51	29696	----a-w-	c:\windows\system32\drivers\tap0901.sys
2011-05-30 10:08 . 2011-05-30 10:08	--------	d-----w-	c:\program files\S.A.D
2011-05-29 19:23 . 2011-05-29 19:24	--------	d---a-w-	C:\.Trash-1000
2011-05-29 18:23 . 2011-05-29 18:23	--------	d-----w-	c:\users\Dennis\AppData\Local\CrashRpt
2011-05-29 16:36 . 2011-05-29 16:36	--------	d-----w-	c:\users\Dennis\AppData\Local\AOL
2011-05-29 16:35 . 2011-05-29 16:35	--------	d-----w-	c:\program files (x86)\Common Files\Software Update Utility
2011-05-29 16:35 . 2011-05-29 16:39	--------	d-----w-	c:\program files (x86)\Common Files\AOL
2011-05-29 14:08 . 2011-05-29 14:08	--------	d-----w-	c:\program files (x86)\uTorrent
2011-05-29 14:06 . 2011-05-29 14:06	--------	d-----w-	c:\users\Dennis\AppData\Local\uTorrent
2011-05-29 14:06 . 2011-06-16 15:59	--------	d-----w-	c:\users\Dennis\AppData\Roaming\uTorrent
2011-05-29 11:32 . 2011-05-30 15:38	--------	d-----w-	c:\users\Dennis\Games
2011-05-27 14:25 . 2011-05-27 17:01	--------	d-----w-	c:\program files (x86)\Garena
2011-05-24 16:24 . 2011-05-24 16:24	--------	d-----w-	c:\program files\Tracker Software
2011-05-24 13:13 . 2011-05-24 13:13	--------	d-----w-	c:\users\Dennis\AppData\Roaming\vlc
2011-05-24 13:12 . 2011-05-24 13:12	--------	d-----w-	c:\program files (x86)\VideoLAN
2011-05-22 17:54 . 2011-05-22 17:54	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-05-21 14:11 . 2011-05-21 14:11	--------	d-----w-	c:\users\Dennis\AppData\Local\Electronic Arts
2011-05-21 14:11 . 2011-05-21 14:11	--------	d-----w-	c:\programdata\Electronic Arts
2011-05-21 14:10 . 2011-05-21 14:10	--------	d-----w-	c:\program files (x86)\Electronic Arts
2011-05-20 20:35 . 2011-05-20 20:35	304744	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 02:26 . 2011-05-13 14:47	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-30 08:41 . 2011-05-10 18:33	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-05-30 08:41 . 2011-05-10 18:30	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-05-30 08:32 . 2011-05-10 18:30	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-05-27 17:11 . 2011-05-10 18:30	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-05-21 06:01 . 2011-03-17 02:03	739432	----a-w-	c:\windows\system32\easyUpdatusAPIU64.dll
2011-05-21 06:01 . 2011-03-17 02:03	6300776	----a-w-	c:\windows\system32\nvcpl.dll
2011-05-21 06:01 . 2011-03-17 02:03	3040872	----a-w-	c:\windows\system32\nvsvc64.dll
2011-05-21 06:01 . 2011-03-17 02:03	117864	----a-w-	c:\windows\system32\nvmctray.dll
2011-05-21 06:01 . 2011-03-17 02:02	61544	----a-w-	c:\windows\system32\nvshext.dll
2011-05-21 06:01 . 2011-03-17 02:02	326760	----a-w-	c:\windows\system32\nvhotkey.dll
2011-05-21 06:01 . 2011-03-17 02:02	2560616	----a-w-	c:\windows\system32\nvsvcr.dll
2011-05-21 06:01 . 2011-03-17 02:02	1016936	----a-w-	c:\windows\system32\nvvsvc.exe
2011-05-03 16:11 . 2011-04-14 18:21	925184	----a-w-	c:\windows\expstart.exe
2011-05-01 11:42 . 2011-05-01 11:42	3608	----a-w-	C:\STFE7B5.tmp
2011-04-29 10:25 . 2011-04-29 10:25	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-04-29 10:19 . 2011-04-29 10:19	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-26 05:58 . 2011-04-26 05:58	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2011-04-26 05:58 . 2011-04-26 05:58	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2011-04-24 21:14 . 2011-04-24 21:14	234896	----a-w-	c:\windows\system32\klogon.dll
2011-04-15 16:06 . 2009-07-13 23:39	2755072	----a-w-	c:\windows\SysWow64\themeui.dll
2011-04-15 16:06 . 2009-07-13 23:39	245760	----a-w-	c:\windows\SysWow64\uxtheme.dll
2011-04-15 13:58 . 2011-04-15 13:58	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-04-15 13:58 . 2011-04-15 13:58	4068864	----a-w-	c:\windows\system32\mf.dll
2011-04-15 13:58 . 2011-04-15 13:58	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-04-15 13:58 . 2011-04-15 13:58	3181568	----a-w-	c:\windows\SysWow64\mf.dll
2011-04-15 13:58 . 2011-04-15 13:58	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 13:58 . 2011-04-15 13:58	257024	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-04-15 13:58 . 2011-04-15 13:58	229888	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-04-15 13:58 . 2011-04-15 13:58	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2011-04-15 13:58 . 2011-04-15 13:58	206848	----a-w-	c:\windows\system32\mfps.dll
2011-04-15 13:58 . 2011-04-15 13:58	196608	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2011-04-15 13:58 . 2011-04-15 13:58	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2011-04-15 13:58 . 2011-04-15 13:58	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2011-04-15 13:58 . 2011-04-15 13:58	1619456	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2011-04-15 13:58 . 2011-04-15 13:58	1495040	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2011-04-15 13:58 . 2011-04-15 13:58	144384	----a-w-	c:\windows\system32\cdd.dll
2011-04-15 13:58 . 2011-04-15 13:58	135168	----a-w-	c:\windows\SysWow64\XpsRasterService.dll
2011-04-15 13:58 . 2011-04-15 13:58	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2011-04-06 14:26 . 2011-04-06 14:26	96544	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26	69408	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26	237856	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26	119584	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-03-30 17:50 . 2011-04-15 16:14	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-03-30 17:45 . 2011-04-15 16:14	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-03-30 17:45 . 2011-04-15 16:13	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-03-30 17:45 . 2011-04-15 16:14	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2011-03-30 17:45 . 2011-04-15 16:14	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[-] 2009-10-30 . 5DECCD8F824007CE7ED0ADF917F53FC7 . 2870272 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2009-10-30 . 5AC855BA79745016C16B9CFEAEE24F4F . 2870272 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-06-18 16:16	64000	----a-w-	c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Megakey"="c:\users\Dennis\AppData\Local\Megamedia\Megakey\Megakey.exe" [2011-06-18 2593280]
"MegakeyUpdater"="c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [2011-06-18 64000]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"facemoods"="c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va005;X6va005;c:\users\Dennis\AppData\Local\Temp\005935A.tmp [x]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-03-22 2421384]
R4 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-11-19 316744]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001Core.job
- c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 13:29]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410892137-877069167-2350996814-1001UA.job
- c:\users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 13:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-06-18 16:16	78336	----a-w-	c:\users\Dennis\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Capture Web Page - c:\users\Dennis\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: Fetch to Megaupload - c:\users\Dennis\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\programdata\Megamedia\Megakey\msadm.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Dennis\AppData\Local\Temp\005935A.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="AF34148A01768F9AF23ED95CA71CA173729310FB5CB15BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6678EDD5E5BE2F6E667C038D530D6EB34525CCAB58FA5588F2CC4CEA0DFA7144D77417C62F9F250899FA44B5D7309B726CB2986B2B64581BB83B2883F0E26FB62E6AC2B2309B37980396C985BADE6FD2EB6A86B6FF0ABC8A9BE7D93AB916F2656CB089AE733BC1450BE87A866CC6E3712F096683C6F6A212223732ECC517061D9325076D130FC6BB321C2B1788230CDB27231620DF6D231504C608730C4E0B281F886DB274FAA82C9266F5D321003DED9833BB07ADEFBD346A91BC6087B36CFC8532EDCD1723F8B14E365CBD4CD823C3042FA1FBE92C11676FCF90227942DA50DCA50805F1177F079C97B11482789EA489F3BED3A1544BC3BDDD74888C4C6548DB9F9408333534EC3979231951B3EA513E3CAD1F1F8E43C4FB5951A4758C62EF0D03C8A11799A732262882A6E3D03586926FCF18D65CB40D4C5176DA5AAB4BA4012AA3F05945465A61346E92433052586D5A66AD79863A7CE1EC22A882C5D3569D7DE377ACB4E5DC8E5B3D2AD3AB0E20934A44C4262DB83A62785ADF7E3D08EBE4C753CB5F89947E06BBEBC25A03818F457531A5EA5279BA79ACD49216AE269F2708E899A890BC32F0959724B4A130631A896CC67DC7D69038890C1D46C2C1D22964E5435813DA7547779B302AD7A1B0A65D5D0B692D99CCC52C44F08AC88B5C7665EC0B1F58BFAD8C318325057EBFEAD207A854DE7FA177D30E59F547E1872475D6BE9E291977AA44D3395E0E42B89B03E733E4E116470712CF2D475CC40C664C9255D3D924717094B4C78040BBD49897AB3C381565C70E825F082CC94A6DAC7D0C11DDC4AC2743644696BAA90EB7F14E132D2D3946F9889CD67B2DFE6398981E8F79FFD21F8EB4395946FEBD0C6229055681AD43A6B1BD9AC61E056E82862015E064D848F98092BF0D97C833A1FDAA08C553F39CC64DB479CEE007F53E6281CCF2C06F3A4188DCAD94C7ED0518B05CD8F7D5957E43278A2CC23744974AE548CB3AE9BF682316DE52A015355ADE435013D64F32B2EEDBE1F401695CA2D7A116F4FD5D3DBDFE051A20E90CD39F8CAAE0CC5180F55E9772F564D64333BF20B3F46BF6F68148566160B869BB5C5729EEC9FB1A4201A6AF382441EAB0DF8CE63F076744C073754494B8D68C1466C6F079B56581D8D601947A34833115784DD4E6D4A313FD27CBBD1B5FC5CA72D3E556D1DA968193434F29FAEA8DDBB3C8152D431EC0DA2E0C3C30D4E90DE790F7120018779E333E4C608E9F78CC457D7BA70C9EB71F552BB8D86CBC160C16282E25F33A388A009E1EAFB5A0501E2933D1C90BE004D292F618131A2EFEB2817"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-19  20:28:00
ComboFix-quarantined-files.txt  2011-06-19 18:27
.
Vor Suchlauf: 194.616.975.360 bytes free
Nach Suchlauf: 194.507.780.096 bytes free
.
- - End Of File - - CAFE0472F674D0EE40074CB1295C03C6
         

Alt 19.06.2011, 19:34   #7
markusg
/// Malware-holic
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



download malwarebytes:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 19.06.2011, 20:15   #8
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



Log 1
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.06.2011 20:49:24
mbam-log-2011-06-19 (20-49-24).txt

Art des Suchlaufs: Flash-Scan
Durchsuchte Objekte: 142070
Laufzeit: 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Log 2
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6897

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.06.2011 21:12:48
mbam-log-2011-06-19 (21-12-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 310485
Laufzeit: 22 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\program files (x86)\scanquery\scanquery.dll.vir (Adware.Agent.Gen) -> Quarantined and deleted successfully.
         

Alt 19.06.2011, 20:17   #9
markusg
/// Malware-holic
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



lade den CCleaner standard:
CCleaner - Standard
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 24.06.2011, 12:26   #10
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



sorry ich war im Urlaub und konnte deshalb nicht antworten...7
hier ist die Liste:
Code:
ATTFilter
7-Zip 9.20 (x64 edition)	Igor Pavlov	10.06.2011	4,53MB	9.20.00.0 notwendig
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	12.06.2011	6,00MB	10.3.181.23 notwendig
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	12.05.2011	6,00MB	10.3.181.14 notwendig
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	07.06.2011		11.5.9.620 notwendig
Akamai NetSession Interface		17.05.2011	unbekannt	
Alice: Madness Returns		16.06.2011		notwendig
America's Army 3	U.S. Army	16.06.2011	notwendig	
Any DVD Converter Professional 3.7.7	Any-DVD-Converter.com	14.05.2011 unnötig		
AnyTV Pro 5.1	FDRLab, Inc.	16.05.2011	4,96MB	unnötig
Apple Application Support	Apple Inc.	13.05.2011	51,0MB	1.5.1 notwendig
Apple Mobile Device Support	Apple Inc.	13.05.2011	22,4MB	3.4.0.25 notwendig
Apple Software Update	Apple Inc.	13.05.2011	2,26MB	2.1.2.120 notwendig
Bonjour	Apple Inc.	13.05.2011	1,75MB	2.0.5.0 notwendig
Call of Duty: Black Ops - Multiplayer	Treyarch	06.05.2011	notwendig	
CCleaner	Piriform	14.06.2011		3.07 notwendig
Combined Community Codec Pack 2009-09-09	CCCP Project	13.04.2011		2009.09.09.0 notwendig
CursorFX	Stardock Corporation	17.06.2011 notwendig		
CyberGhost VPN	S.A.D. GmbH	29.05.2011	56,6MB	notwendig
DAEMON Tools Lite	DT Soft Ltd	28.04.2011		4.40.2.0131 notwendig
DivX-Setup	DivX, LLC	01.06.2011		2.5.0.11 unnötig
Download Updater (AOL LLC)		28.05.2011	unbekannt	
EA Download Manager	Electronic Arts, Inc.	20.05.2011		8.0.3.427 notwendig
Facemoods Toolbar		11.05.2011 unnötig		
FBP - Facebook Blaster Pro	Digital Media Group	01.06.2011	8,36MB	9.0.3 unnötig
Flyff	Gala Networks Europe Limited	29.04.2011		Flyff notwendig
FlyFF Automaton (v1.00)		15.05.2011		unbekannt
FriendAdderElite	Default Company Name	01.06.2011	19,1MB	4.0.1 unnötig
Game Booster	IObit	14.06.2011	11,6MB	3.0 notwendig
Game Prelauncher version 3.1.2		14.06.2011	2,75MB	3.1.2 notwendig
Garena 2010	Garena Online Pte Ltd.	26.05.2011		2010 unnötig
Google Chrome	Google Inc.	15.05.2011		12.0.742.100 notwendig
Hide IP Platinum 3.42	Volcano Force	12.06.2011		unnötig
iTunes	Apple Inc.	13.05.2011	144,9MB	10.2.2.12 notwendig
Java(TM) 6 Update 22	Oracle	02.05.2011	95,0MB	6.0.220 notwendig
Java(TM) 6 Update 25	Oracle	28.04.2011	94,7MB	6.0.250 notwendig
JDownloader 0.9	AppWork GmbH	11.05.2011		0.9 notwendig
Kaspersky Internet Security 2012	Kaspersky Lab	06.06.2011		12.0.0.374 notwendig
Malwarebytes' Anti-Malware Version 1.51.0.1200	Malwarebytes Corporation	18.06.2011	13,8MB	1.51.0.1200 notwendig
Megakey	Megamedia Ltd.	17.06.2011		0.9.0.0 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.04.2011	38,8MB	4.0.30319 notwendig
Microsoft Office Professional Home and Student 2010	Microsoft Corporation	15.04.2011		14.0.4763.1000 notwendig
Microsoft Silverlight	Microsoft Corporation	21.05.2011	20,5MB	4.0.60310.0 notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	12.05.2011	0,34MB	8.0.59193 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	16.04.2011	0,19MB	9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	29.05.2011	2,52MB	9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.04.2011	0,58MB	9.0.30729 notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	16.04.2011	13,7MB	10.0.30319 notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	20.05.2011	11,0MB	10.0.30319 notwendig
NVIDIA 3D Vision Controller Driver 275.33	NVIDIA Corporation	14.06.2011		275.33 notwendig
NVIDIA 3D Vision Driver 275.33	NVIDIA Corporation	14.06.2011		275.33 notwendig
NVIDIA Graphics Driver 275.33	NVIDIA Corporation	14.06.2011		275.33 notwendig
NVIDIA HD Audio Driver 1.2.23.3	NVIDIA Corporation	14.06.2011		1.2.23.3 notwendig
NVIDIA PhysX System Software 9.10.0514	NVIDIA Corporation	14.06.2011		9.10.0514 notwendig
NVIDIA Update 1.3.5	NVIDIA Corporation	14.06.2011		1.3.5 notwendig
O&O Defrag Server	O&O Software GmbH	08.06.2011	53,3MB	14.1.305 unnötig
PDF-XChange Viewer	Tracker Software Products Ltd.	23.05.2011	44,3MB	2.5.195.0 notwendig
PPLive 1.9	Synacast	02.05.2011		1.9.47 unnötig
Premium Link Generator 1.00		10.06.2011		unbekannt
QuickTime	Apple Inc.	13.05.2011	73,7MB	7.69.80.9 notwendig
RocketDock 1.3.5	Punk Software	14.04.2011 notwendig		
Safari	Apple Inc.	13.05.2011	41,3MB	5.33.21.1 notwendig
SopCast 3.3.2	www.sopcast.com	14.04.2011		3.3.2 notwendig
Steam	Valve Corporation	29.04.2011	1,59MB	1.0.0.0 notwendig
TeamViewer 6	TeamViewer GmbH	08.06.2011		6.0.10722 notwendig
TuneUp Utilities 2011	TuneUp Software	14.04.2011		10.0.4010.25 notwendig
TVAnts 1.0		02.05.2011		notwendig
Veetle TV 0.9.18	Veetle, Inc	02.05.2011		0.9.18 notwendig
VLC media player 1.0.5	VideoLAN Team	23.05.2011		1.0.5 notwendig
Window Renamer 1.0	FireBlood's Dev	04.06.2011		notwendig
Windows Media Player Firefox Plugin	Microsoft Corp	28.04.2011	0,29MB	1.0.0.8 notwendig
WinRAR arkivering		13.04.2011		notwendig
µTorrent		28.05.2011		3.0.0 notwendig
         

Alt 24.06.2011, 14:27   #11
markusg
/// Malware-holic
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



deinstaliere
Any DVD
AnyTV
Bonjour kann auch weg
DivX-Setup
Facemoods
FBP
FlyFF
FriendAdderElite
Game Booster ist sinnlos kann eig weg.
Garena
Hide IP


Java alle
Java SE Downloads
download jre, lade offline installer und instaliere.

deinstaliere
OO Defrag
PPLive
Premium Link Generator
TuneUp verzichte auf so nen schrott. die werbung die die machen, tuning versprechen, ist alles quatsch und kann dem rechner schaden.
weg damit.

bereinige mit dem ccleaner
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 24.06.2011, 16:51   #12
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



alles gemacht.... danke für die Hilfe.

Alt 24.06.2011, 17:04   #13
markusg
/// Malware-holic
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



gibts bzw gabs noch probleme?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 24.06.2011, 19:15   #14
Themaster453
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



nein gar keine mehr.

Alt 24.06.2011, 19:25   #15
markusg
/// Malware-holic
 
Verdacht auf Trojaner oder Keylogger - Standard

Verdacht auf Trojaner oder Keylogger



ok endere alle passwörter
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Verdacht auf Trojaner oder Keylogger
account, adware.agent.gen, adware.scanquery, adware.softomate, anderen, anmelden, antworten, computer, geändert, heute, kaspersky, keylogger, liebe, mails, melden, nicht mehr, passwort, passwort geändert, programm, schnelle, troja, verdacht, viren



Ähnliche Themen: Verdacht auf Trojaner oder Keylogger


  1. Keylogger oder browsergestützter Trojaner?
    Log-Analyse und Auswertung - 04.03.2015 (13)
  2. Verdacht auf KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (14)
  3. GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc.
    Log-Analyse und Auswertung - 08.12.2014 (12)
  4. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 28.05.2014 (5)
  5. AVG unerwartet beendet (verdacht auf Keylogger/Trojaner)
    Log-Analyse und Auswertung - 08.02.2013 (28)
  6. Verdacht auf Keylogger oder Spyware (Email hat mehrere Fehlgeschlagene Logins verzeichnet).
    Log-Analyse und Auswertung - 16.10.2012 (10)
  7. Trojaner und/oder Keylogger | Win7 64bit
    Log-Analyse und Auswertung - 07.10.2012 (4)
  8. Verdacht auf Malware/Trojaner/Keylogger oder ähnliches
    Log-Analyse und Auswertung - 14.06.2012 (3)
  9. Verdacht auf Keylogger oder Trojaner - empfindliche Daten auspioniert
    Log-Analyse und Auswertung - 17.05.2012 (1)
  10. Vermutlich Trojaner oder Keylogger eingefangen
    Plagegeister aller Art und deren Bekämpfung - 15.10.2011 (12)
  11. Wow Account gehackt hab ich einen Keylogger oder Trojaner
    Log-Analyse und Auswertung - 18.04.2011 (1)
  12. Befindet sich ein Trojaner oder Keylogger auf meinem Rechner ?
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (6)
  13. Trojaner, Keylogger oder Bruteforce
    Plagegeister aller Art und deren Bekämpfung - 04.03.2010 (3)
  14. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 11.12.2009 (1)
  15. Verdacht auf Trojaner/Keylogger
    Plagegeister aller Art und deren Bekämpfung - 26.05.2009 (0)
  16. Trojaner oder sogar Keylogger?
    Log-Analyse und Auswertung - 20.10.2007 (3)
  17. Verdacht auf Trojaner oder Keylogger
    Mülltonne - 19.10.2007 (0)

Zum Thema Verdacht auf Trojaner oder Keylogger - Hallo, ich bitte um eure Hilfe. Als ich mich vor 3 Tagen in mein Facebook Account eingeloggt habe stand dort das von einem anderen Ort auf mein Account zugegriffen wurde. - Verdacht auf Trojaner oder Keylogger...
Archiv
Du betrachtest: Verdacht auf Trojaner oder Keylogger auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.