| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner TR/Offend.KD.484629 in Users\***\AppData\Roaming\Microsoft\hostrun.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.12.2011, 00:05
| #1 |
| |  Trojaner TR/Offend.KD.484629 in Users\***\AppData\Roaming\Microsoft\hostrun.exe Hallo, mein Antivir ist heute auf den Trojaner TR/Offend.KD.484629 in "Users\***\AppData\Roaming\Microsoft\hostrun.exe" gestoßen, welchen Antivir auch gelöscht hat. Ich habe auch schon mit der Anleitung von OTL die beiden Logfiles erstellt. Ich habe anschließend auch einen kompletten Systemcheck von Norten Power Eraser durchlaufen lassen und von Malwarebytes' Anti-Malware, ohne weitere Funde auf meiner Festplatte. Was muss ich weiterhin beachten, ob noch ein Virus auf dem PC sein könnte? Gruß Bob [code] Da die OTL Datei zu groß ist für den Anhang und Rar Dateien nicht erlaubt sind, poste ich die Datei einmal direkt im Beitrag:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.12.2011 23:41:37 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,71% Memory free 15,96 Gb Paging File | 13,58 Gb Available in Paging File | 85,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 42,99 Gb Free Space | 36,09% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 620,02 Gb Free Space | 66,56% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) PRC - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe () PRC - C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe () PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.) PRC - C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\EVGA Precision\RTMUI.dll () MOD - C:\Program Files (x86)\EVGA Precision\RTHAL.dll () MOD - C:\Program Files (x86)\EVGA Precision\RTCore.dll () MOD - C:\Program Files (x86)\EVGA Precision\RTUI.dll () MOD - C:\Program Files (x86)\EVGA Precision\RTFC.dll () MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe () MOD - C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe () MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTTSH.dll () MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTMUI.dll () MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll () MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTUI.dll () MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTFC.dll () MOD - C:\Program Files (x86)\EVGA Precision\RTTSH.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (DynDNS Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SMR210) -- C:\Windows\SysNative\drivers\SMR210.SYS (Symantec Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (WinRing0_1_2_0) -- C:\Users\***\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys (OpenLibSys.org) DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 86 77 B4 EF 8C CC 01 [binary data] IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011.11.27 16:01:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.11.27 16:01:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.22 21:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.14 16:45:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.27 22:29:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.05.26 16:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.05.26 16:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.14 19:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\phov6l6x.default\extensions [2011.10.05 18:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHOV6L6X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.12.22 21:55:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.09 15:34:40 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 login.minecraft.net O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SA0B1.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrueCrypt.lnk = C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{612107CB-6749-47A3-8059-75CF8D444C98}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FDB466E-F93E-4E7D-AC09-DAA85E56AD20}: DhcpNameServer = 7.254.254.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{82458ec4-870d-11e0-b51a-6c626d41ee9c}\Shell - "" = AutoRun O33 - MountPoints2\{82458ec4-870d-11e0-b51a-6c626d41ee9c}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{cabf5ae7-18fd-11e1-a67f-6c626d41ee9c}\Shell - "" = AutoRun O33 - MountPoints2\{cabf5ae7-18fd-11e1-a67f-6c626d41ee9c}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.22 23:39:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.12.22 23:39:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.12.22 23:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.22 23:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.22 23:39:20 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.22 23:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.22 23:31:45 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS [2011.12.22 23:31:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE [2011.12.22 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.12.22 23:27:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.12.22 23:04:30 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.22 23:03:44 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Users\***\Desktop\NPE.exe [2011.12.15 18:45:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.15 18:45:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.12.15 18:45:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.15 18:45:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.15 18:45:24 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.15 18:45:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.15 18:45:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.15 18:45:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.15 18:45:09 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.15 18:45:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.14 19:33:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.12.05 19:34:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.12.05 19:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.12.03 16:05:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Command and Conquer Generals Data [2011.12.01 18:32:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Google [2011.12.01 18:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.12.01 18:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2011.12.01 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011.11.30 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut [2011.11.27 16:01:47 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.11.27 16:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2011.11.27 15:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2011.11.27 15:10:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ANNO 2070 [2011.11.27 14:47:35 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.11.27 14:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011.11.27 14:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2011.11.27 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files [2011.11.27 14:32:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint [2011.11.27 14:32:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Conduit [2011.11.27 14:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2011.11.27 14:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2011.11.27 14:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2011.11.27 14:13:33 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2011.11.27 14:13:33 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2011.11.27 14:13:33 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2011.11.27 14:13:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2011.11.27 14:13:33 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2011.11.27 14:13:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2011.11.27 14:13:32 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2011.11.27 14:13:32 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2011.11.27 14:13:32 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2011.11.27 14:13:32 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2011.11.27 14:13:32 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2011.11.27 14:13:32 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2011.11.27 14:13:32 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2011.11.27 14:13:32 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2011.11.27 14:13:31 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2011.11.27 14:13:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2011.11.27 14:13:31 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2011.11.27 14:13:31 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2011.11.27 14:13:31 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2011.11.27 14:13:31 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2011.11.27 14:13:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2011.11.27 14:13:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2011.11.27 14:13:31 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2011.11.27 14:13:31 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2011.11.27 14:13:31 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2011.11.27 14:13:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2011.11.27 14:13:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2011.11.27 14:13:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2011.11.27 14:13:30 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2011.11.27 14:13:30 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2011.11.27 14:13:30 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2011.11.27 14:13:30 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2011.11.27 14:13:30 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2011.11.27 14:13:30 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2011.11.27 14:13:30 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2011.11.27 14:13:30 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2011.11.27 14:13:29 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2011.11.27 14:13:29 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2011.11.27 14:13:29 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2011.11.27 14:13:29 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2011.11.27 14:13:29 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2011.11.27 14:13:29 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2011.11.27 14:13:28 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2011.11.27 14:13:28 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2011.11.27 14:13:28 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2011.11.27 14:13:28 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2011.11.27 14:13:28 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2011.11.27 14:13:28 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2011.11.27 14:13:28 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2011.11.27 14:13:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2011.11.27 14:13:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2011.11.27 14:13:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2011.11.27 14:13:24 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2011.11.27 14:13:24 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2011.11.27 14:13:24 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2011.11.27 14:13:24 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2011.11.27 14:13:23 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2011.11.27 14:13:23 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2011.11.27 14:13:23 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2011.11.27 14:13:23 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2011.11.27 14:13:23 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2011.11.27 14:13:23 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2011.11.27 14:13:23 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2011.11.27 14:13:23 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2011.11.27 14:13:23 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2011.11.27 14:13:23 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2011.11.27 14:13:23 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2011.11.27 14:13:23 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2011.11.27 14:13:23 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2011.11.27 14:13:23 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2011.11.27 14:13:22 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2011.11.27 14:13:22 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2011.11.27 14:13:22 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2011.11.27 14:13:22 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2011.11.27 14:13:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2011.11.27 14:13:22 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2011.11.27 14:13:21 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2011.11.27 14:13:21 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2011.11.27 14:13:21 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2011.11.27 14:13:21 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2011.11.27 14:13:21 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2011.11.27 14:13:21 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2011.11.27 14:13:21 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2011.11.27 14:13:21 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2011.11.27 14:13:21 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2011.11.27 14:13:21 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2011.11.27 14:13:21 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2011.11.27 14:13:21 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2011.11.27 14:13:21 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2011.11.27 14:13:21 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2011.11.27 14:13:20 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2011.11.27 14:13:20 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2011.11.27 14:13:20 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2011.11.27 14:13:20 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2011.11.27 14:13:20 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2011.11.27 14:13:20 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2011.11.27 14:13:20 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2011.11.27 14:13:20 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2011.11.27 14:13:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2011.11.27 14:13:20 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2011.11.27 14:13:20 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2011.11.27 14:13:20 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2011.11.27 14:13:19 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2011.11.27 14:13:19 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2011.11.27 14:13:14 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2011.11.27 14:13:14 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2011.11.27 14:13:14 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2011.11.27 14:13:14 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2011.11.27 14:13:14 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2011.11.27 14:13:14 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2011.11.27 14:13:14 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2011.11.27 14:13:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2011.11.27 14:13:13 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2011.11.27 14:13:13 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2011.11.27 14:13:13 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2011.11.27 14:13:13 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2011.11.27 14:13:13 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2011.11.27 14:13:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2011.11.27 14:13:13 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2011.11.27 14:13:13 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2011.11.27 14:13:12 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2011.11.27 14:13:12 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2011.11.27 14:13:12 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2011.11.27 14:13:12 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2011.11.27 14:13:12 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2011.11.27 14:13:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2011.11.27 14:13:12 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2011.11.27 14:13:12 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2011.11.27 14:13:12 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2011.11.27 14:13:12 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2011.11.27 14:13:12 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2011.11.27 14:13:12 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2011.11.27 14:13:11 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2011.11.27 14:13:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2011.11.27 14:13:11 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2011.11.27 14:13:11 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2011.11.27 14:13:11 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2011.11.27 14:13:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2011.11.27 14:13:11 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2011.11.27 14:13:11 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2011.11.27 14:13:11 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2011.11.27 14:13:11 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2011.11.27 14:13:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2011.11.27 14:13:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2011.11.27 14:13:10 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2011.11.27 14:13:10 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2011.11.27 14:13:10 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2011.11.27 14:13:10 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2011.11.27 14:13:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2011.11.27 14:13:10 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2011.11.27 14:13:10 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2011.11.27 14:13:10 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2011.11.27 14:13:09 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2011.11.27 14:13:09 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2011.11.27 14:13:09 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2011.11.27 14:13:09 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2011.11.27 14:13:09 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2011.11.27 14:13:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2011.11.27 14:13:09 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2011.11.27 14:13:09 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2011.11.27 14:13:09 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2011.11.27 14:13:09 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2011.11.27 14:13:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2011.11.27 14:13:09 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2011.11.27 14:13:07 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2011.11.27 14:13:07 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2011.11.27 14:13:07 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2011.11.27 14:13:07 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2011.11.27 14:13:07 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2011.11.27 14:13:07 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2011.11.27 14:13:06 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2011.11.27 14:13:06 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2011.11.27 14:13:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2011.11.27 14:13:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2011.11.27 14:13:05 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2011.11.27 14:13:05 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2011.11.27 14:13:05 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2011.11.27 14:13:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2011.11.27 14:13:05 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2011.11.27 14:13:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2011.11.27 14:13:04 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2011.11.27 14:13:04 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2011.11.26 13:33:44 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.22 23:41:17 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.22 23:41:17 | 000,698,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.22 23:41:17 | 000,652,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.22 23:41:17 | 000,148,798 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.22 23:41:17 | 000,121,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.22 23:40:04 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.22 23:40:04 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.22 23:40:03 | 003,932,160 | -HS- | M] () -- C:\Users\***\ntuser.dat [2011.12.22 23:39:47 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.12.22 23:39:23 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.22 23:32:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011.12.22 23:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.22 23:32:49 | 2132,131,839 | -HS- | M] () -- C:\hiberfil.sys [2011.12.22 23:32:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2011.12.22 23:32:01 | 011,100,294 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2011.12.22 23:31:45 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS [2011.12.22 23:27:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.12.22 23:04:45 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.22 23:03:51 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Users\***\Desktop\NPE.exe [2011.12.20 18:34:22 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.12.20 18:34:22 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.20 18:33:34 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.12.16 14:10:27 | 000,434,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.14 19:33:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.12.11 18:04:07 | 000,009,364 | ---- | M] () -- C:\Users\Public\Documents\linkin park.m3u [2011.12.05 19:33:57 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk [2011.12.03 17:45:33 | 000,119,496 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2011.12.03 16:04:55 | 000,000,618 | ---- | M] () -- C:\Windows\eReg.dat [2011.12.01 18:27:57 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2011.11.30 20:27:38 | 000,001,061 | ---- | M] () -- C:\Users\***\Desktop\mp3DirectCut.lnk [2011.11.27 16:02:07 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.11.27 14:48:35 | 000,000,602 | ---- | M] () -- C:\Users\***\Desktop\Anno 2070.lnk [2011.11.27 14:47:35 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.11.27 14:42:42 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011.11.26 13:33:44 | 000,644,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.22 23:39:23 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.11 18:04:07 | 000,009,364 | ---- | C] () -- C:\Users\Public\Documents\linkin park.m3u [2011.12.05 19:33:57 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk [2011.12.03 16:04:55 | 000,000,618 | ---- | C] () -- C:\Windows\eReg.dat [2011.12.01 18:27:57 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2011.11.30 20:27:38 | 000,001,061 | ---- | C] () -- C:\Users\***\Desktop\mp3DirectCut.lnk [2011.11.27 16:01:38 | 000,415,915 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.11.27 14:48:35 | 000,000,602 | ---- | C] () -- C:\Users\***\Desktop\Anno 2070.lnk [2011.10.16 12:09:27 | 001,594,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.08.28 21:15:49 | 000,007,606 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.06.23 15:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.05.26 17:09:47 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.05.26 17:09:47 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.26 17:09:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.25 21:13:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.25 02:32:51 | 000,119,496 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2011.05.25 02:20:41 | 011,100,294 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009.07.14 03:34:57 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini [2009.07.14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.11.12 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.11.27 14:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2011.11.27 14:48:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.12.22 23:33:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.06.27 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2011.10.16 22:27:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fantasy Grounds II [2011.06.20 16:08:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2011.12.22 23:32:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.06.30 20:29:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.12.05 19:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.05.26 16:38:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.10.29 17:43:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trine2 [2011.05.25 21:13:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2011.11.25 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.11.26 17:20:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2011.11.27 14:52:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2011.10.06 18:21:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2011.11.02 17:09:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Geändert von tswbob (23.12.2011 um 00:15 Uhr) Grund: Logfile in Code Fenster gesetzt |
| Themen zu Trojaner TR/Offend.KD.484629 in Users\***\AppData\Roaming\Microsoft\hostrun.exe |
| adobe, antivir, avira, bho, checkpoint, eraser, explorer, firefox, format, hal.dll, helper, hotspot, hotspot shield, langs, launch, mbamservice.exe, microsoft, mozilla, mozilla thunderbird, nvidia, object, plug-in, programme, realtek, registry, scan, sched.exe, security, senden, sketchup, software, symantec, temp, trojaner, usb, usb 3.0, version=1.0, virus, virus auf dem pc, webcheck, windows |
Baum-Darstellung