Pests of all kinds and their removal: Antimalware Doctor (Windows 7)

01.06.2010, 01:32 | #1
Antimalware Doctor

Hi all! Like quite a few others recently, I have caught the Antimalware Doctor virus. Thanks to your site I am already one step further, but like the other posters I could not remove it completely. Avira AntiVir raised the alarm at 00:06. I then let it scan. Logs with detections (3 of them):

Avira AntiVir Personal
Report file date: Tuesday, 01 June 2010 00:12

Scanning for 2174072 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode       : Normally booted
Username        : ***
Computer name   : ABASE

Version information:
BUILD.DAT    : 10.0.0.567 Bytes 19.04.2010 15:50:00
AVSCAN.EXE   : 10.0.3.0 433832 Bytes 20.04.2010 15:41:11
AVSCAN.DLL   : 10.0.3.0 56168 Bytes 20.04.2010 15:41:11
LUKE.DLL     : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL  : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 10:15:35
VBASE006.VDF : 7.10.6.83 2048 Bytes 15.04.2010 10:15:35
VBASE007.VDF : 7.10.6.84 2048 Bytes 15.04.2010 10:15:35
VBASE008.VDF : 7.10.6.85 2048 Bytes 15.04.2010 10:15:35
VBASE009.VDF : 7.10.6.86 2048 Bytes 15.04.2010 10:15:35
VBASE010.VDF : 7.10.6.87 2048 Bytes 15.04.2010 10:15:36
VBASE011.VDF : 7.10.6.88 2048 Bytes 15.04.2010 10:15:36
VBASE012.VDF : 7.10.6.89 2048 Bytes 15.04.2010 10:15:36
VBASE013.VDF : 7.10.6.90 2048 Bytes 15.04.2010 10:15:36
VBASE014.VDF : 7.10.6.123 126464 Bytes 19.04.2010 15:41:11
VBASE015.VDF : 7.10.6.152 123392 Bytes 21.04.2010 08:03:14
VBASE016.VDF : 7.10.6.178 122880 Bytes 22.04.2010 10:19:55
VBASE017.VDF : 7.10.6.206 120320 Bytes 26.04.2010 17:20:04
VBASE018.VDF : 7.10.6.232 99328 Bytes 28.04.2010 14:14:13
VBASE019.VDF : 7.10.7.2 155648 Bytes 30.04.2010 11:36:57
VBASE020.VDF : 7.10.7.26 119808 Bytes 04.05.2010 14:17:26
VBASE021.VDF : 7.10.7.51 118272 Bytes 06.05.2010 10:31:12
VBASE022.VDF : 7.10.7.75 404992 Bytes 10.05.2010 18:04:21
VBASE023.VDF : 7.10.7.100 125440 Bytes 13.05.2010 11:13:58
VBASE024.VDF : 7.10.7.119 177664 Bytes 17.05.2010 16:05:07
VBASE025.VDF : 7.10.7.139 129024 Bytes 19.05.2010 11:15:31
VBASE026.VDF : 7.10.7.157 145920 Bytes 21.05.2010 10:52:51
VBASE027.VDF : 7.10.7.173 147456 Bytes 25.05.2010 13:56:13
VBASE028.VDF : 7.10.7.189 120320 Bytes 27.05.2010 11:20:09
VBASE029.VDF : 7.10.7.190 2048 Bytes 27.05.2010 11:20:09
VBASE030.VDF : 7.10.7.191 2048 Bytes 27.05.2010 11:20:09
VBASE031.VDF : 7.10.7.196 109568 Bytes 30.05.2010 06:03:25
Engineversion : 8.2.1.242
AEVDF.DLL    : 8.1.2.0 106868 Bytes 24.04.2010 09:59:27
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 12.05.2010 16:52:34
AESCN.DLL    : 8.1.6.1 127347 Bytes 12.05.2010 16:52:33
AESBX.DLL    : 8.1.3.1 254324 Bytes 24.04.2010 09:59:28
AERDL.DLL    : 8.1.4.6 541043 Bytes 16.04.2010 10:15:54
AEPACK.DLL   : 8.2.1.1 426358 Bytes 25.03.2010 22:09:20
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 12.05.2010 16:52:32
AEHEUR.DLL   : 8.1.1.27 2670967 Bytes 05.05.2010 11:29:35
AEHELP.DLL   : 8.1.11.3 242039 Bytes 03.04.2010 11:05:24
AEGEN.DLL    : 8.1.3.9 377203 Bytes 12.05.2010 16:52:32
AEEMU.DLL    : 8.1.2.0 393588 Bytes 24.04.2010 09:59:26
AECORE.DLL   : 8.1.15.3 192886 Bytes 12.05.2010 16:52:31
AEBB.DLL     : 8.1.1.0 53618 Bytes 24.04.2010 09:59:26
AVWINLL.DLL  : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL   : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL    : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL    : 10.0.3.0 53096 Bytes 20.04.2010 15:41:11
AVSCPLR.DLL  : 10.0.3.0 83816 Bytes 20.04.2010 15:41:11
AVARKT.DLL   : 10.0.0.14 227176 Bytes 20.04.2010 15:41:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL  : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL   : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL    : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL  : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL   : 10.0.53.0 98152 Bytes 20.04.2010 15:41:11

Configuration for the current scan:
Job name..............................: ShlExt
Configuration file....................: C:\Users\***\AppData\Local\Temp\a04c9204.avp
Logging...............................: low
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:,
Scan active programs..................: off
Scan registry.........................: off
Search for rootkits...................: off
Integrity check of system files.......: off
File scan mode........................: Smart file selection
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristic.................: on
File heuristic........................: medium
Deviating risk categories.............: +PFS,+SPR,

Start of the scan: Tuesday, 01 June 2010 00:12

Starting the file scan:

Begin scan in 'C:\Users\***\AppData'
C:\Users\***\AppData\Local\Temp\onacrmwsxe.exe
  [0] Archive type: RAR SFX (self extracting)
  [DETECTION] Is the Trojan horse TR/BHO.OHL
  --> ezwi1810.exe
      [1] Archive type: NSIS
    --> ProgramFilesDir/[UnknownDir].dll
        [DETECTION] Is the Trojan horse TR/BHO.OHL
  --> vowi510.exe
      [1] Archive type: NSIS
    --> ProgramFilesDir/[TempDir]/[UnknownDir].dll
        [DETECTION] Contains detection pattern of the ad- or spyware ADSPY/Agent.NEC
  --> smwi1810.exe
      [1] Archive type: NSIS
    --> ProgramFilesDir/[UnknownDir].dll
        [DETECTION] Is the Trojan horse TR/BHO.OHL.1

Beginning disinfection:
C:\Users\***\AppData\Local\Temp\onacrmwsxe.exe
  [DETECTION] Is the Trojan horse TR/BHO.OHL.1
  [NOTE] The file was moved to the quarantine directory under the name '48b3914d.qua'!

End of the scan: Tuesday, 01 June 2010 00:17
Used time: 04:52 Minute(s)

The scan has been completed.

   1556 Directories were scanned
  16164 Files were scanned
      3 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files could not be scanned
  16161 Files not concerned
    580 Archives were scanned
      0 Warnings
      1 Notes

------------------------------------------------

Avira AntiVir Personal
Report file date: Tuesday, 01 June 2010 00:06

Scanning for 2174072 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : ABASE

Version information:
BUILD.DAT    : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE   : 10.0.3.0 433832 Bytes 20.04.2010 15:41:11
AVSCAN.DLL   : 10.0.3.0 56168 Bytes 20.04.2010 15:41:11
LUKE.DLL     : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL  : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 10:15:35
VBASE006.VDF : 7.10.6.83 2048 Bytes 15.04.2010 10:15:35
VBASE007.VDF : 7.10.6.84 2048 Bytes 15.04.2010 10:15:35
VBASE008.VDF : 7.10.6.85 2048 Bytes 15.04.2010 10:15:35
VBASE009.VDF : 7.10.6.86 2048 Bytes 15.04.2010 10:15:35
VBASE010.VDF : 7.10.6.87 2048 Bytes 15.04.2010 10:15:36
VBASE011.VDF : 7.10.6.88 2048 Bytes 15.04.2010 10:15:36
VBASE012.VDF : 7.10.6.89 2048 Bytes 15.04.2010 10:15:36
VBASE013.VDF : 7.10.6.90 2048 Bytes 15.04.2010 10:15:36
VBASE014.VDF : 7.10.6.123 126464 Bytes 19.04.2010 15:41:11
VBASE015.VDF : 7.10.6.152 123392 Bytes 21.04.2010 08:03:14
VBASE016.VDF : 7.10.6.178 122880 Bytes 22.04.2010 10:19:55
VBASE017.VDF : 7.10.6.206 120320 Bytes 26.04.2010 17:20:04
VBASE018.VDF : 7.10.6.232 99328 Bytes 28.04.2010 14:14:13
VBASE019.VDF : 7.10.7.2 155648 Bytes 30.04.2010 11:36:57
VBASE020.VDF : 7.10.7.26 119808 Bytes 04.05.2010 14:17:26
VBASE021.VDF : 7.10.7.51 118272 Bytes 06.05.2010 10:31:12
VBASE022.VDF : 7.10.7.75 404992 Bytes 10.05.2010 18:04:21
VBASE023.VDF : 7.10.7.100 125440 Bytes 13.05.2010 11:13:58
VBASE024.VDF : 7.10.7.119 177664 Bytes 17.05.2010 16:05:07
VBASE025.VDF : 7.10.7.139 129024 Bytes 19.05.2010 11:15:31
VBASE026.VDF : 7.10.7.157 145920 Bytes 21.05.2010 10:52:51
VBASE027.VDF : 7.10.7.173 147456 Bytes 25.05.2010 13:56:13
VBASE028.VDF : 7.10.7.189 120320 Bytes 27.05.2010 11:20:09
VBASE029.VDF : 7.10.7.190 2048 Bytes 27.05.2010 11:20:09
VBASE030.VDF : 7.10.7.191 2048 Bytes 27.05.2010 11:20:09
VBASE031.VDF : 7.10.7.196 109568 Bytes 30.05.2010 06:03:25
Engineversion : 8.2.1.242
AEVDF.DLL    : 8.1.2.0 106868 Bytes 24.04.2010 09:59:27
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 12.05.2010 16:52:34
AESCN.DLL    : 8.1.6.1 127347 Bytes 12.05.2010 16:52:33
AESBX.DLL    : 8.1.3.1 254324 Bytes 24.04.2010 09:59:28
AERDL.DLL    : 8.1.4.6 541043 Bytes 16.04.2010 10:15:54
AEPACK.DLL   : 8.2.1.1 426358 Bytes 25.03.2010 22:09:20
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 12.05.2010 16:52:32
AEHEUR.DLL   : 8.1.1.27 2670967 Bytes 05.05.2010 11:29:35
AEHELP.DLL   : 8.1.11.3 242039 Bytes 03.04.2010 11:05:24
AEGEN.DLL    : 8.1.3.9 377203 Bytes 12.05.2010 16:52:32
AEEMU.DLL    : 8.1.2.0 393588 Bytes 24.04.2010 09:59:26
AECORE.DLL   : 8.1.15.3 192886 Bytes 12.05.2010 16:52:31
AEBB.DLL     : 8.1.1.0 53618 Bytes 24.04.2010 09:59:26
AVWINLL.DLL  : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL   : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL    : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL    : 10.0.3.0 53096 Bytes 20.04.2010 15:41:11
AVSCPLR.DLL  : 10.0.3.0 83816 Bytes 20.04.2010 15:41:11
AVARKT.DLL   : 10.0.0.14 227176 Bytes 20.04.2010 15:41:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL  : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL   : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL    : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL  : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL   : 10.0.53.0 98152 Bytes 20.04.2010 15:41:11

Configuration for the current scan:
Job name..............................: avguard_async_scan
Configuration file....................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4c2e6f29\guard_slideup.avp
Logging...............................: low
Primary action........................: repair
Secondary action......................: quarantine
Scan master boot sectors..............: on
Scan boot sectors.....................: off
Scan active programs..................: on
Scan registry.........................: off
Search for rootkits...................: off
Integrity check of system files.......: off
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristic.................: on
File heuristic........................: high
Deviating risk categories.............: +PFS,+SPR,

Start of the scan: Tuesday, 01 June 2010 00:06

The repair of rootkits is only possible in interactive mode!

The scan of running processes will be started:
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ATI_MainBoard.exe' - '1' Module(s) have been scanned
Scan process 'onacrmwsxe.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\Users\***\AppData\Local\Temp\onacrmwsxe.exe>
Scan process 'Ilm.exe' - '1' Module(s) have been scanned
Scan process 'Ill.exe' - '1' Module(s) have been scanned
Scan process 'WerFault.exe' - '1' Module(s) have been scanned
Scan process 'ccl9ke.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'gotnewupdate000.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'FL.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint32.exe' - '1' Module(s) have been scanned
Scan process 'CTXFISPI.EXE' - '1' Module(s) have been scanned
Scan process 'Ctxfihlp.exe' - '1' Module(s) have been scanned
Scan process 'VolPanlu.exe' - '1' Module(s) have been scanned
Scan process 'TurboV_EVO.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'TurboVHELP.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AsSysCtrlService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\***\AppData\Local\Temp\khvcol.exe'
C:\Users\***\AppData\Local\Temp\khvcol.exe
  [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  [NOTE] The file was moved to the quarantine directory under the name '48979205.qua'!
Begin scan in 'C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VQTVX5G\fwevpovto[1].htm'
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VQTVX5G\fwevpovto[1].htm
  [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> Object
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  [NOTE] The file was moved to the quarantine directory under the name '5013bdd1.qua'!
Begin scan in 'C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6IC5ITE\fwelcx[1].htm'
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6IC5ITE\fwelcx[1].htm
  [DETECTION] Contains suspicious code: HEUR/Crypted.E
  --> Object
      [DETECTION] Contains suspicious code: HEUR/Crypted.E
  [NOTE] The file was moved to the quarantine directory under the name '024ce739.qua'!
Begin scan in 'C:\Users\***\AppData\Local\Temp\BN1AE2.tmp'
The path to be scanned C:\Users\***\AppData\Local\Temp\BN1AE2.tmp could not be opened!
System error [2]: The system cannot find the file specified.
Begin scan in 'C:\Users\***\AppData\Local\Temp\janfw.exe'
C:\Users\***\AppData\Local\Temp\janfw.exe
  [DETECTION] Contains code of the Windows virus W32/Virut.Gen
  [NOTE] The file was moved to the quarantine directory under the name '6460a881.qua'!
Begin scan in 'C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN6D0Y7C\gnemtrzxsn[1].htm'
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN6D0Y7C\gnemtrzxsn[1].htm
  [DETECTION] Contains code of the Windows virus W32/Virut.Gen
  [NOTE] The file was moved to the quarantine directory under the name '21ff85cc.qua'!
Begin scan in 'C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRFXHRY3\rvqxfn[1].htm'
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRFXHRY3\rvqxfn[1].htm
  [DETECTION] Contains suspicious code: HEUR/Crypted.E
  [NOTE] The detection was classified as suspicious.
  [NOTE] The file was moved to the quarantine directory under the name '5ef8b7a5.qua'!
Begin scan in 'C:\Users\***\AppData\Local\Temp\roacxnmwse.exe'
C:\Users\***\AppData\Local\Temp\roacxnmwse.exe
  [DETECTION] Is the Trojan horse TR/Pincav.aakn
  [NOTE] The file was moved to the quarantine directory under the name '12509be6.qua'!
Begin scan in 'C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VQTVX5G\wzdcjrp[1].htm'
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VQTVX5G\wzdcjrp[1].htm
  [DETECTION] Contains suspicious code: HEUR/Crypted.E
  [NOTE] The detection was classified as suspicious.
  [NOTE] The file was moved to the quarantine directory under the name '6e45dba3.qua'!

End of the scan: Tuesday, 01 June 2010 00:06
Used time: 00:04 Minute(s)

The scan has been completed.

      0 Directories were scanned
     51 Files were scanned
      8 Viruses and/or unwanted programs were found
      3 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      8 Files were moved to quarantine
      0 Files were renamed
      0 Files could not be scanned
     40 Files not concerned
      5 Archives were scanned
      0 Warnings
      8 Notes

The scan results are transferred to the Guard.

-------------------------

Avira AntiVir Personal
Report file date: Tuesday, 01 June 2010 00:05

Scanning for 2174072 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : ABASE

Version information:
BUILD.DAT    : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE   : 10.0.3.0 433832 Bytes 20.04.2010 15:41:11
AVSCAN.DLL   : 10.0.3.0 56168 Bytes 20.04.2010 15:41:11
LUKE.DLL     : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL  : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 10:15:35
VBASE006.VDF : 7.10.6.83 2048 Bytes 15.04.2010 10:15:35
VBASE007.VDF : 7.10.6.84 2048 Bytes 15.04.2010 10:15:35
VBASE008.VDF : 7.10.6.85 2048 Bytes 15.04.2010 10:15:35
VBASE009.VDF : 7.10.6.86 2048 Bytes 15.04.2010 10:15:35
VBASE010.VDF : 7.10.6.87 2048 Bytes 15.04.2010 10:15:36
VBASE011.VDF : 7.10.6.88 2048 Bytes 15.04.2010 10:15:36
VBASE012.VDF : 7.10.6.89 2048 Bytes 15.04.2010 10:15:36
VBASE013.VDF : 7.10.6.90 2048 Bytes 15.04.2010 10:15:36
VBASE014.VDF : 7.10.6.123 126464 Bytes 19.04.2010 15:41:11
VBASE015.VDF : 7.10.6.152 123392 Bytes 21.04.2010 08:03:14
VBASE016.VDF : 7.10.6.178 122880 Bytes 22.04.2010 10:19:55
VBASE017.VDF : 7.10.6.206 120320 Bytes 26.04.2010 17:20:04
VBASE018.VDF : 7.10.6.232 99328 Bytes 28.04.2010 14:14:13
VBASE019.VDF : 7.10.7.2 155648 Bytes 30.04.2010 11:36:57
VBASE020.VDF : 7.10.7.26 119808 Bytes 04.05.2010 14:17:26
VBASE021.VDF : 7.10.7.51 118272 Bytes 06.05.2010 10:31:12
VBASE022.VDF : 7.10.7.75 404992 Bytes 10.05.2010 18:04:21
VBASE023.VDF : 7.10.7.100 125440 Bytes 13.05.2010 11:13:58
VBASE024.VDF : 7.10.7.119 177664 Bytes 17.05.2010 16:05:07
VBASE025.VDF : 7.10.7.139 129024 Bytes 19.05.2010 11:15:31
VBASE026.VDF : 7.10.7.157 145920 Bytes 21.05.2010 10:52:51
VBASE027.VDF : 7.10.7.173 147456 Bytes 25.05.2010 13:56:13
VBASE028.VDF : 7.10.7.189 120320 Bytes 27.05.2010 11:20:09
VBASE029.VDF : 7.10.7.190 2048 Bytes 27.05.2010 11:20:09
VBASE030.VDF : 7.10.7.191 2048 Bytes 27.05.2010 11:20:09
VBASE031.VDF : 7.10.7.196 109568 Bytes 30.05.2010 06:03:25
Engineversion : 8.2.1.242
AEVDF.DLL    : 8.1.2.0 106868 Bytes 24.04.2010 09:59:27
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 12.05.2010 16:52:34
AESCN.DLL    : 8.1.6.1 127347 Bytes 12.05.2010 16:52:33
AESBX.DLL    : 8.1.3.1 254324 Bytes 24.04.2010 09:59:28
AERDL.DLL    : 8.1.4.6 541043 Bytes 16.04.2010 10:15:54
AEPACK.DLL   : 8.2.1.1 426358 Bytes 25.03.2010 22:09:20
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 12.05.2010 16:52:32
AEHEUR.DLL   : 8.1.1.27 2670967 Bytes 05.05.2010 11:29:35
AEHELP.DLL   : 8.1.11.3 242039 Bytes 03.04.2010 11:05:24
AEGEN.DLL    : 8.1.3.9 377203 Bytes 12.05.2010 16:52:32
AEEMU.DLL    : 8.1.2.0 393588 Bytes 24.04.2010 09:59:26
AECORE.DLL   : 8.1.15.3 192886 Bytes 12.05.2010 16:52:31
AEBB.DLL     : 8.1.1.0 53618 Bytes 24.04.2010 09:59:26
AVWINLL.DLL  : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL   : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL    : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL    : 10.0.3.0 53096 Bytes 20.04.2010 15:41:11
AVSCPLR.DLL  : 10.0.3.0 83816 Bytes 20.04.2010 15:41:11
AVARKT.DLL   : 10.0.0.14 227176 Bytes 20.04.2010 15:41:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL  : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL   : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL    : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL  : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL   : 10.0.53.0 98152 Bytes 20.04.2010 15:41:11

Configuration for the current scan:
Job name..............................: avguard_async_scan
Configuration file....................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4c2e6f29\guard_slideup.avp
Logging...............................: low
Primary action........................: repair
Secondary action......................: quarantine
Scan master boot sectors..............: on
Scan boot sectors.....................: off
Scan active programs..................: on
Scan registry.........................: off
Search for rootkits...................: off
Integrity check of system files.......: off
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristic.................: on
File heuristic........................: high
Deviating risk categories.............: +PFS,+SPR,

Start of the scan: Tuesday, 01 June 2010 00:05

The scan of running processes will be started:
Scan process 'net.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'BN1AE1.tmp' - '1' Module(s) have been scanned
Scan process 'BN1AE3.tmp' - '1' Module(s) have been scanned
Scan process 'uaufqma.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smnxoawcre.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'gotnewupdate000.exe' - '1' Module(s) have been scanned
Scan process 'enscxwaomr.exe' - '1' Module(s) have been scanned
Scan process 'mshta.exe' - '1' Module(s) have been scanned
Scan process 'FL.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint32.exe' - '1' Module(s) have been scanned
Scan process 'CTXFISPI.EXE' - '1' Module(s) have been scanned
Scan process 'Ctxfihlp.exe' - '1' Module(s) have been scanned
Scan process 'VolPanlu.exe' - '1' Module(s) have been scanned
Scan process 'TurboV_EVO.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'TurboVHELP.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AsSysCtrlService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\***\AppData\Local\Temp\mwexorcsna.exe'
C:\Users\***\AppData\Local\Temp\mwexorcsna.exe
  [DETECTION] Is the Trojan horse TR/Crypt.PEPM.Gen
  [NOTE] The file was moved to the quarantine directory under the name '49539203.qua'!

End of the scan: Tuesday, 01 June 2010 00:05
Used time: 00:03 Minute(s)

The scan has been completed.

      0 Directories were scanned
     33 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files could not be scanned
     32 Files not concerned
      0 Archives were scanned
      0 Warnings
      1 Notes

The scan results are transferred to the Guard.

--------------------

After that I found the guide on your site.

RKill log:

Processes terminated by Rkill or while it was running:

C:\Users\Ari\AppData\Local\Temp\Ilm.exe
C:\Users\Ari\AppData\Local\Temp\Ill.exe
C:\Users\Ari\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B\gotnewupdate000.exe
C:\Users\Ari\AppData\Local\ATI Drivers\ATI_MainBoard.exe
C:\Users\Ari\Desktop\iExplorer.exe

Rkill completed on 01.06.2010 at 1:14:21.

Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4159

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.06.2010 02:02:12
mbam-log-2010-06-01 (02-02-12).txt

Scan type: Full scan (C:\|M:\|)
Objects scanned: 329956
Time elapsed: 44 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aaaaaaaa (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\***\aaaaaaaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\A779.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\ccl9ke.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\nsxamcrowe.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\plmloe9ez.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\szv86m1ic.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\~TM2B93.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\VirtualStore\Windows\SysWOW64\cooper.mine (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\Ilm.exe (Trojan.FakeAlert) -> Delete on reboot.

After the reboot, the Malwarebytes Anti-Malware program no longer opened (presumably blocked by the trojan), but Antimalware Doctor did again. I closed it again with RKill. I have just started running Anti-Malware over it once more, but so far it has not found anything else (whereas on the first run it had already found about 10 infected objects). I cut my internet connection quickly after the infection (and switched off my printer, which was printing blank pages).

What about my data, passwords and so on? I assume they are now in foreign hands? Also, will there be a permanent impairment of my PC (speed, etc.)? How do I get my PC completely clean? And finally: which programs are helpful for preventing the spread of viruses of this kind in advance? Is ZoneAlarm helpful? So far I only have Avira AntiVir running. CCleaner will be the next step.

Regards
Wisdoom

Edited by Wisdoom (01.06.2010 at 01:59)
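The Malwarebytes log in the post above shows the persistence locations this rogue used: three values under HKCU\...\CurrentVersion\Run, a shortcut in the user's Startup folder, two GUID-named .job files in C:\Windows\Tasks, and a rewritten HKCR\regfile\shell\open\command handler. The PowerShell script below is an added example, not part of the original post and not code from Avira, Malwarebytes, RKill or OTL; it walks exactly those locations on a live Windows system and flags entries that point into the user profile's temp or AppData directories, GUID-named legacy jobs, and a regfile handler that differs from the stock value. The list of directories treated as suspicious, the GUID-name heuristic and the `Get-AutostartFindings` name are assumptions chosen for illustration; it generalizes the log's findings to the HKLM Run keys and the all-users Startup folder as well.

```powershell
# Added example: triage the autostart locations that the Malwarebytes log above shows
# being abused. Not from the original post or from any of the tools quoted in it.
# Run from an elevated PowerShell prompt; read-only, it changes nothing.

function Get-AutostartFindings {
    $findings = New-Object System.Collections.Generic.List[object]
    $add = { param($Source, $Name, $Target, $Reason)
        $findings.Add([pscustomobject]@{ Source = $Source; Name = $Name; Target = $Target; Reason = $Reason }) }

    # Assumption: anything started from these profile directories deserves a look.
    # Legitimate per-user installers also live under AppData\Local, so expect some noise.
    $userProfile = [Environment]::GetFolderPath('UserProfile')
    $suspiciousRoots = @(
        [Environment]::GetFolderPath('LocalApplicationData'),   # ...\AppData\Local (includes \Temp)
        [Environment]::GetFolderPath('ApplicationData'),        # ...\AppData\Roaming
        $env:TEMP
    ) | Where-Object { $_ } | Select-Object -Unique

    $isSuspicious = { param([string]$Command)
        if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
        # Substring match on the whole command line, so "rundll32.exe C:\...\Temp\x.dll,Entry"
        # is caught as well as a bare executable path.
        $expanded = [Environment]::ExpandEnvironmentVariables($Command)
        foreach ($root in $suspiciousRoots) {
            if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
        }
        # A loose executable directly in the profile root (C:\Users\<name>\aaaaaaaa.exe in the log).
        $exe = if ($expanded.StartsWith('"')) { $expanded.Split('"')[1] } else { $expanded.Split(' ')[0] }
        if ($exe -and (Split-Path -Parent $exe) -ieq $userProfile) { return $true }
        return $false
    }

    # 1. Run / RunOnce values (the log lists aaaaaaaa, halo2 and m5t8ql3yw3 under HKCU\...\Run).
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
            if (& $isSuspicious $p.Value) { & $add $key $p.Name $p.Value 'autostart from temp/profile path' }
        }
    }

    # 2. Startup folder shortcuts (the log shows "Antimalware Doctor.lnk" in the user's Startup folder).
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
        Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if (& $isSuspicious $target) { & $add 'Startup folder' $_.Name $target 'shortcut into temp/profile path' }
        }
    }

    # 3. Legacy scheduled-task .job files (two GUID-named ones in the log).
    # Assumption: a GUID as the job name is unusual for hand-installed software.
    Get-ChildItem -Path "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.BaseName -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
            & $add 'Windows\Tasks' $_.Name $_.FullName 'GUID-named legacy .job file'
        }
    }

    # 4. The .reg file handler; Malwarebytes flagged "regedit.exe" "%1" (quoted) against the stock regedit.exe "%1".
    $regfileKey = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
    $expected = 'regedit.exe "%1"'
    $actual = (Get-ItemProperty -Path $regfileKey -ErrorAction SilentlyContinue).'(default)'
    if ($null -ne $actual -and $actual -ne $expected) {
        & $add $regfileKey '(default)' $actual "differs from expected $expected"
    }

    return $findings
}

Get-AutostartFindings | Format-Table -AutoSize
```

The output is a triage list, not a verdict: every hit still has to be checked by hand (publisher, hash, creation time), and a rootkit component like the Rootkit.Agent entries in the log can hide from a live enumeration of this kind, which is why helpers on such threads ask for scans from outside the running system as well.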
01.06.2010, 01:47 | #2
Antimalware Doctor Update:
After CCleaner, an OTL scan: OTL Logfile: Code:
OTL logfile created on: 01.06.2010 02:42:25 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 207,32 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 197,72 Gb Free Space | 42,45% Space Free | Partition Type: NTFS

Computer Name: ABASE
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\System\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - M:\System\CD_BurnerXP\NMSAccessU.exe ()
PRC - M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - M:\System\LogitechG9\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek)
PRC - C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTek)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- M:\System\CD_BurnerXP\NMSAccessU.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (DAUpdaterSvc) -- M:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 53 2C B9 4A 57 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: M:\System\NokiaPCS\Nokia PC Suite 7\bkmrksync\ [2010.05.16 14:53:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: M:\System\Firefox\components [2010.04.03 13:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: M:\System\Firefox\plugins [2010.04.18 21:53:56 | 000,000,000 | ---D | M]

[2009.12.23 03:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2010.05.31 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions
[2010.02.28 19:31:22 | 000,000,000 | ---D | M] (Gold Steel) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{030869c0-68e7-11dd-ad8b-0800200c9a66}
[2010.02.28 19:30:12 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010.02.28 19:32:55 | 000,000,000 | ---D | M] (Ambient Fox Maroon) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{4aed382a-3293-4721-85cc-1aab07b510eb}
[2010.03.15 16:49:07 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010.02.28 19:19:53 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010.02.28 19:23:53 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [QuickTime Task] M:\System\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ATI MainBoard] C:\Users\***\AppData\Local\ATI Drivers\ATI_MainBoard.exe (Microsoft)
O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Users\***\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B\gotnewupdate000.exe (MS)
O4 - HKCU..\Run: [PC Suite Tray] M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.01 02:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.06.01 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.06.01 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\AntiVirus
[2010.06.01 01:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.01 01:15:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.01 00:05:57 | 000,000,000 | RHSD | C] -- C:\Users\***\AppData\Local\ATI Drivers
[2010.06.01 00:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B
[2010.05.23 16:14:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2010.05.23 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Codemasters
[2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.05.18 18:14:12 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.05.16 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine empfangenen Dateien
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia
[2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010.05.16 14:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.05.16 14:53:29 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.05.16 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.05.16 14:53:19 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010.05.16 14:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.05.03 15:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.05.03 15:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.01 02:43:19 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.06.01 02:36:27 | 000,001,849 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.06.01 02:11:07 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 02:11:07 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 02:08:13 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.01 02:08:13 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.01 02:08:13 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.01 02:08:13 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.01 02:08:13 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.01 02:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.01 02:03:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.01 02:03:48 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.01 02:03:04 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 02:03:04 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 02:03:04 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 02:02:56 | 016,597,288 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.31 08:35:15 | 000,000,338 | ---- | M] () -- C:\Windows\Brownie.ini
[2010.05.30 18:19:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.05.30 16:25:19 | 000,003,564 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.05.30 02:06:58 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.05.30 02:02:01 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.23 16:15:24 | 000,000,966 | ---- | M] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | M] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.05.03 23:12:43 | 000,000,816 | ---- | M] () -- C:\Users\***\Desktop\Conviction.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.01 02:36:27 | 000,001,849 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.05.30 16:25:19 | 000,003,564 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.05.23 16:15:24 | 000,000,966 | ---- | C] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | C] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.05.03 23:12:43 | 000,000,816 | ---- | C] () -- C:\Users\***\Desktop\Conviction.lnk
[2010.04.04 15:27:48 | 000,000,058 | ---- | C] () -- C:\Windows\picture2avi.ini
[2010.02.25 04:05:19 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.11.03 00:10:23 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.11.03 00:10:23 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009.11.03 00:10:23 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.11.03 00:10:02 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.11.03 00:09:32 | 000,000,338 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.10.28 02:59:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.10.28 02:59:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.28 02:59:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.10.28 02:08:50 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.28 02:08:50 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.28 02:08:47 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.28 02:08:47 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.10.28 01:58:20 | 000,031,407 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.10.28 01:57:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.10.28 01:57:33 | 000,021,835 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

< End of report >

Extras Scan OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.06.2010 02:42:25 - Run 1 OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 207,32 Gb Free Space | 69,57% Space Free | Partition Type: NTFS Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 465,76 Gb Total Space | 197,72 Gb Free Space | 42,45% Space Free | Partition Type: NTFS Computer Name: ABASE Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- M:\System\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = 
CDDRV_Installer "{1099EE17-B0D7-FA18-50AB-6F3D3A4E2C9A}" = AMD Drag and Drop Transcoding "{338F5103-68E0-786A-0369-5862F3FBF62C}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide "{7D2082CA-2B0C-0F31-4CD7-B19036F0041F}" = ccc-utility64 "{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{DF10FAAC-B82A-E6BF-A547-6954BFB5AC94}" = ATI AVIVO64 Codecs "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{086B731A-97C5-4648-AA99-A2FDFE7855C7}" = Catalyst Control Center InstallProxy "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{1271150C-C048-40CD-07AD-5F6767EB5674}" = HydraVision "{131CFEC0-9408-4AE2-96FE-9F19B2029F58}" = Brother HL-2030 
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{1B8F7B2B-821C-F202-E3C1-B9C2558480E3}" = CCC Help Polish "{1CC49FB4-1700-F359-2555-10C106BEC877}" = Catalyst Control Center Graphics Full Existing "{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24E4DA5F-2308-9F9F-B65C-35199A199709}" = Catalyst Control Center Localization All "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{315FCB68-694D-F1EF-7A82-781DBD7F7DBA}" = CCC Help Chinese Standard "{38198326-F590-9AD0-AC88-1424EBE63C7E}" = CCC Help Turkish "{3885CE41-C333-5715-CD9D-6154B8C95FF4}" = CCC Help Greek "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4055B5B2-DE2C-782A-2858-386EC2544C3D}" = Catalyst Control Center Graphics Previews Vista "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{77DA99E4-FB51-F98B-61B9-7558BF1F86AD}" = CCC Help Korean "{7C6ADDD9-98EC-1A78-F1B0-A98B971701CF}" = CCC Help English "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8851CBDA-ED34-424A-DB19-3C83973ACB55}" = CCC Help French "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{95335AF1-3FFE-AFCA-3D43-B633A4DA41F4}" = CCC Help Thai "{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F2A8051-62FD-AAA3-8944-BE96ADD762B2}" = CCC Help Hung***an "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A1CC7FEC-0B87-808C-8F60-E5CA8AEBAF79}" = CCC Help German "{A1D6F3F4-615B-C687-61D3-52A18558B4BF}" = CCC Help Japanese "{A35808A5-87C1-44DD-782B-1EB775FE3612}" = CCC Help Dutch "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A53DAB1F-6323-4CFB-44CE-C8E9782C1BFB}" = CCC Help Danish "{A926E1D6-7008-7258-BBDF-2EB4CAEDBB8F}" = CCC Help Chinese Traditional "{AA24DD67-F3F0-2896-48DE-192349B25DF3}" = Catalyst Control Center Graphics Full New "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - 
Deutsch "{ADC40572-02BD-2D52-759B-1CADC2E4DF47}" = CCC Help Spanish "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0 "{B736CE4B-4EF6-BE8A-9245-DAD0DEE14E6B}" = CCC Help Finnish "{B75174D6-4589-5B17-BA76-25B800522A3D}" = CCC Help Swedish "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BCCCA844-1127-D881-2C8E-FACDD22E098D}" = CCC Help Portuguese "{BD4B4476-AD9A-ED0F-774A-CEBB2CEE891D}" = Catalyst Control Center Core Implementation "{C3893B61-4615-AE41-D70B-F905AAF49FCB}" = CCC Help Norwegian "{C454C7F5-5A05-409C-1873-DB713703F8C1}" = CCC Help Czech "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver "{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™ "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game "{D6D9F436-1304-9613-9E4B-AA2E7181B41B}" = Catalyst Control Center Graphics Light "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DD61FF17-327C-B2E4-0610-54BBBDDAB34C}" = CCC Help Italian "{E0A3541B-88AD-D0A0-4EB9-2A6F07876FFB}" = CCC Help Russian "{E5970961-81FC-3D2D-D5C4-874FB7401B6A}" = Catalyst Control Center Graphics Previews Common "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2 "{f045ec64-ed96-11de-bb6e-56f655d89593}}_is1" = "Wings of Prey Demo" (Unistall) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F5599028-06CF-7846-A528-019DD8EBDD37}" = ccc-core-static "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9D540CC-98FA-6BFE-699B-F5587191BD26}" = Catalyst Control Center HydraVision Full "Adobe Flash Player 
ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Conan_is1" = Age of Conan - Hyborian Adventures "ALchemy" = Creative ALchemy "ASIO4ALL" = ASIO4ALL "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Beta-EU" = APB Beta-EU "Buy Script Maker für CSS" = Buy Script Maker für CSS 0.601 "CCleaner" = CCleaner "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch "Dark Horizon Patch_is1" = Dark Horizon Patch "Dark Horizon_is1" = Dark Horizon "FairStars CD Ripper_is1" = FairStars CD Ripper 1.29 "FL Studio 9" = FL Studio 9 "Hardcore" = Hardcore "IL Download Manager" = IL Download Manager "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "NFS SHIFT NoIntro FIX by JP-TEC" = NFS SHIFT NoIntro FIX by JP-TEC "Nokia PC Suite" = Nokia PC Suite "OpenAL" = OpenAL "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "QuicktimeAlt_is1" = QuickTime Alternative 3.0.0 "Sawer" = Sawer "SFBM" = SoundFont-Bank-Manager "Steam App 12840" = DiRT 2 "Steam App 13140" = America's Army 3 "Steam App 240" = Counter-Strike: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 400" = Portal "Steam App 440" = Team Fortress 2 "Toxic Biohazard" = Toxic Biohazard "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "Warkeys" = Warkeys 1.15.7.0b "WaveStudio 7" = Creative WaveStudio 7 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "sc10-ORF_MAIN" = ORF-Ski Challenge 2010 "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
01.06.2010, 13:23 | #3
Antimalware Doctor
Update:
Today there was a database update for Malwarebytes to version 4160. With that it found 4 new infected items. Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4160
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.06.2010 14:11:34
mbam-log-2010-06-01 (14-11-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|M:\|)
Durchsuchte Objekte: 327562
Laufzeit: 43 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gotnewupdate000.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B\gotnewupdate000.exe (Trojan.Agent) -> Quarantined and deleted successfully.

After the reboot, Antimalware Doctor no longer opened. (Mbam asked for admin rights right at login; I gave them to it, but the program did not open. Is that normal?) I assume the haunting is over now. I will scan again with Avira and then Mbam and post the logs.

RKill still closes 2 processes when started, though. Are they harmless?

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as *** on 01.06.2010 at 14:14:36.

Processes terminated by Rkill or while it was running:

C:\Users\***\AppData\Local\ATI Drivers\ATI_MainBoard.exe
C:\Users\***\Desktop\AntiVirus\iExplorer.exe

Rkill completed on 01.06.2010 at 14:14:39.

I still have these questions, though; please answer them:
Furthermore, will there be a permanent impairment of my PC (speed, etc.)?
Is my PC completely clean?
Lastly: Which programs are helpful to prevent the spread of viruses of this kind in advance? Is ZoneAlarm helpful for that? So far I only have Avira Antivirus running.
And one more: How can I scan my RAM for viruses and malware?

Logs from my (hopefully clean) system will follow. (Mbam, OTL, Avira)
Last edited by Wisdoom (01.06.2010 at 13:42)
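As an added example (not code from this thread or from Malwarebytes), a small parser for the MBAM 1.x log format posted above: it extracts each reported item and flags the two persistence artefacts this rogue used, the HKCU Run value and the executable in a 32-hex-character folder under AppData\Roaming. It assumes the log layout seen here ("Infizierte ...:" headings followed by "<path> (<detection>) -> <action>" lines); the sample log is a constructed excerpt built from the entries in the post.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log (German locale) into findings
and flag the persistence artefacts seen in the Antimalware Doctor log above.
Added example, not code from the thread or from Malwarebytes."""
import re
from dataclasses import dataclass

# Constructed excerpt: the detail section of the MBAM log posted above,
# reduced to the entries it reported (same paths and detection names).
SAMPLE_LOG = r"""
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gotnewupdate000.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\***\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B\gotnewupdate000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Finding:
    section: str    # MBAM category heading, e.g. "Infizierte Dateien"
    path: str       # registry key/value or file path
    detection: str  # MBAM detection name, e.g. "Trojan.Agent"
    action: str     # what MBAM did with the item


# A category heading is "Infizierte <Kategorie>:" with nothing after the colon;
# the summary block ("Infizierte Dateien: 1") has a count there and is skipped.
SECTION_RE = re.compile(r"^(Infizierte [^:]+):\s*$")
# "<path> (<detection>) -> <action>"; the path group is greedy so a
# "(x86)" inside a path stays part of the path.
FINDING_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# Drop location used by this rogue: 32 hex characters directly under AppData\Roaming.
HEX_DIR_RE = re.compile(r"\\AppData\\Roaming\\([0-9A-Fa-f]{32})(?:\\|$)")


def parse_mbam_log(text: str) -> list[Finding]:
    """Walk the log line by line, remembering the current category heading."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if m := FINDING_RE.match(line):  # "(Keine bösartigen ...)" lines never match
            findings.append(Finding(section, m["path"], m["detection"], m["action"]))
    return findings


def autorun_findings(findings: list[Finding]) -> list[Finding]:
    """Entries under a Run key: what would restart the rogue at every logon."""
    return [f for f in findings if "\\CurrentVersion\\Run\\" in f.path]


def hex_dropper_dir(path: str):
    """Return the 32-hex folder name if the path uses the rogue's drop location."""
    m = HEX_DIR_RE.search(path)
    return m.group(1) if m else None


def triage(text: str) -> dict:
    """Summarise a log: counts per category plus the persistence artefacts."""
    findings = parse_mbam_log(text)
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return {
        "counts": counts,
        "autoruns": [f.path for f in autorun_findings(findings)],
        "dropper_dirs": sorted({d for f in findings if (d := hex_dropper_dir(f.path))}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run against a full log, the counts come only from the detail section, so they can be checked against the summary block MBAM prints at the top.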
01.06.2010, 13:40 | #4
Antimalware Doctor
Logs from the hopefully clean system, starting with OTL:
OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter OTL logfile created on: 01.06.2010 14:35:36 - Run 3 OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 207,33 Gb Free Space | 69,58% Space Free | Partition Type: NTFS Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 465,76 Gb Total Space | 197,72 Gb Free Space | 42,45% Space Free | Partition Type: NTFS Computer Name: ABASE Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Local\ATI Drivers\ATI_MainBoard.exe (Microsoft) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - M:\System\CD_BurnerXP\NMSAccessU.exe () PRC - M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - M:\System\LogitechG9\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek) PRC - C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTek) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV:64bit: - 
(AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - 
(sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccessU) -- M:\System\CD_BurnerXP\NMSAccessU.exe () SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (DAUpdaterSvc) -- M:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- 
C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 53 2C B9 4A 57 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: M:\System\NokiaPCS\Nokia PC Suite 7\bkmrksync\ [2010.05.16 14:53:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: M:\System\Firefox\components [2010.04.03 13:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: M:\System\Firefox\plugins [2010.04.18 21:53:56 | 000,000,000 | ---D | M]

[2009.12.23 03:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2010.05.31 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions
[2010.02.28 19:31:22 | 000,000,000 | ---D | M] (Gold Steel) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{030869c0-68e7-11dd-ad8b-0800200c9a66}
[2010.02.28 19:30:12 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010.02.28 19:32:55 | 000,000,000 | ---D | M] (Ambient Fox Maroon) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{4aed382a-3293-4721-85cc-1aab07b510eb}
[2010.03.15 16:49:07 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010.02.28 19:19:53 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010.02.28 19:23:53 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [QuickTime Task] M:\System\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ATI MainBoard] C:\Users\***\AppData\Local\ATI Drivers\ATI_MainBoard.exe (Microsoft)
O4 - HKCU..\Run: [PC Suite Tray] M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.01 02:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.06.01 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.06.01 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\AntiVirus
[2010.06.01 01:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.01 01:15:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.01 00:05:57 | 000,000,000 | RHSD | C] -- C:\Users\***\AppData\Local\ATI Drivers
[2010.06.01 00:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B
[2010.05.23 16:14:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2010.05.23 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Codemasters
[2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.05.18 18:14:12 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.05.16 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine empfangenen Dateien
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia
[2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010.05.16 14:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.05.16 14:53:29 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.05.16 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.05.16 14:53:19 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010.05.16 14:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.05.03 15:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.05.03 15:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.01 14:33:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 14:33:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 14:30:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.01 14:30:45 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.01 14:30:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.01 14:30:45 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.01 14:30:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.01 14:27:08 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.06.01 14:26:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.01 14:26:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.01 14:26:27 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.01 14:25:44 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 14:25:44 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 14:25:44 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 14:25:36 | 016,601,772 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.06.01 14:11:46 | 000,000,338 | ---- | M] () -- C:\Windows\Brownie.ini
[2010.05.30 18:19:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.05.30 16:25:19 | 000,003,564 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.05.30 02:06:58 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.05.30 02:02:01 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.23 16:15:24 | 000,000,966 | ---- | M] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | M] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.05.03 23:12:43 | 000,000,816 | ---- | M] () -- C:\Users\***\Desktop\Conviction.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.30 16:25:19 | 000,003,564 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.05.23 16:15:24 | 000,000,966 | ---- | C] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | C] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.05.03 23:12:43 | 000,000,816 | ---- | C] () -- C:\Users\***\Desktop\Conviction.lnk
[2010.04.04 15:27:48 | 000,000,058 | ---- | C] () -- C:\Windows\picture2avi.ini
[2010.02.25 04:05:19 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.11.03 00:10:23 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.11.03 00:10:23 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009.11.03 00:10:23 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.11.03 00:10:02 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.11.03 00:09:32 | 000,000,338 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.10.28 02:59:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.10.28 02:59:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.28 02:59:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.10.28 02:08:50 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.28 02:08:50 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.28 02:08:47 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.28 02:08:47 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.10.28 01:58:20 | 000,031,407 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.10.28 01:57:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.10.28 01:57:33 | 000,021,835 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

< End of report >

--- --- ---

Extra: OTL EXTRAS Logfile:

OTL Extras logfile created on: 01.06.2010 14:35:36 - Run 3
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 207,33 Gb Free Space | 69,58% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 197,72 Gb Free Space | 42,45% Space Free | Partition Type: NTFS

Computer Name: ABASE
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- M:\System\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1099EE17-B0D7-FA18-50AB-6F3D3A4E2C9A}" = AMD Drag and Drop Transcoding
"{338F5103-68E0-786A-0369-5862F3FBF62C}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{7D2082CA-2B0C-0F31-4CD7-B19036F0041F}" = ccc-utility64
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DF10FAAC-B82A-E6BF-A547-6954BFB5AC94}" = ATI AVIVO64 Codecs
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086B731A-97C5-4648-AA99-A2FDFE7855C7}" = Catalyst Control Center InstallProxy
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1271150C-C048-40CD-07AD-5F6767EB5674}" = HydraVision
"{131CFEC0-9408-4AE2-96FE-9F19B2029F58}" = Brother HL-2030
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1B8F7B2B-821C-F202-E3C1-B9C2558480E3}" = CCC Help Polish
"{1CC49FB4-1700-F359-2555-10C106BEC877}" = Catalyst Control Center Graphics Full Existing
"{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E4DA5F-2308-9F9F-B65C-35199A199709}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{315FCB68-694D-F1EF-7A82-781DBD7F7DBA}" = CCC Help Chinese Standard
"{38198326-F590-9AD0-AC88-1424EBE63C7E}" = CCC Help Turkish
"{3885CE41-C333-5715-CD9D-6154B8C95FF4}" = CCC Help Greek
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4055B5B2-DE2C-782A-2858-386EC2544C3D}" = Catalyst Control Center Graphics Previews Vista
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77DA99E4-FB51-F98B-61B9-7558BF1F86AD}" = CCC Help Korean
"{7C6ADDD9-98EC-1A78-F1B0-A98B971701CF}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8851CBDA-ED34-424A-DB19-3C83973ACB55}" = CCC Help French
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{95335AF1-3FFE-AFCA-3D43-B633A4DA41F4}" = CCC Help Thai
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F2A8051-62FD-AAA3-8944-BE96ADD762B2}" = CCC Help Hungarian
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1CC7FEC-0B87-808C-8F60-E5CA8AEBAF79}" = CCC Help German
"{A1D6F3F4-615B-C687-61D3-52A18558B4BF}" = CCC Help Japanese
"{A35808A5-87C1-44DD-782B-1EB775FE3612}" = CCC Help Dutch
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53DAB1F-6323-4CFB-44CE-C8E9782C1BFB}" = CCC Help Danish
"{A926E1D6-7008-7258-BBDF-2EB4CAEDBB8F}" = CCC Help Chinese Traditional
"{AA24DD67-F3F0-2896-48DE-192349B25DF3}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ADC40572-02BD-2D52-759B-1CADC2E4DF47}" = CCC Help Spanish
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B736CE4B-4EF6-BE8A-9245-DAD0DEE14E6B}" = CCC Help Finnish
"{B75174D6-4589-5B17-BA76-25B800522A3D}" = CCC Help Swedish
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCCCA844-1127-D881-2C8E-FACDD22E098D}" = CCC Help Portuguese
"{BD4B4476-AD9A-ED0F-774A-CEBB2CEE891D}" = Catalyst Control Center Core Implementation
"{C3893B61-4615-AE41-D70B-F905AAF49FCB}" = CCC Help Norwegian
"{C454C7F5-5A05-409C-1873-DB713703F8C1}" = CCC Help Czech
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D6D9F436-1304-9613-9E4B-AA2E7181B41B}" = Catalyst Control Center Graphics Light
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DD61FF17-327C-B2E4-0610-54BBBDDAB34C}" = CCC Help Italian
"{E0A3541B-88AD-D0A0-4EB9-2A6F07876FFB}" = CCC Help Russian
"{E5970961-81FC-3D2D-D5C4-874FB7401B6A}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{f045ec64-ed96-11de-bb6e-56f655d89593}}_is1" = "Wings of Prey Demo" (Unistall)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5599028-06CF-7846-A528-019DD8EBDD37}" = ccc-core-static
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9D540CC-98FA-6BFE-699B-F5587191BD26}" = Catalyst Control Center HydraVision Full
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"ALchemy" = Creative ALchemy
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Beta-EU" = APB Beta-EU
"Buy Script Maker für CSS" = Buy Script Maker für CSS 0.601
"CCleaner" = CCleaner
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch
"Dark Horizon Patch_is1" = Dark Horizon Patch
"Dark Horizon_is1" = Dark Horizon
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.29
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NFS SHIFT NoIntro FIX by JP-TEC" = NFS SHIFT NoIntro FIX by JP-TEC
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 3.0.0
"Sawer" = Sawer
"SFBM" = SoundFont-Bank-Manager
"Steam App 12840" = DiRT 2
"Steam App 13140" = America's Army 3
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.15.7.0b
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

==========
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Avira is next:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 01. Juni 2010 14:44

Es wird nach 2178836 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : ABASE

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, M:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 01. Juni 2010 14:44

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclRSSrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint32.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboV_EVO.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATI_MainBoard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSuite.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboVHELP.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '30' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'M:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '804' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'M:\' <Lokaler Datenträger 2>

Ende des Suchlaufs: Dienstag, 01. Juni 2010 15:25
Benötigte Zeit: 41:25 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

29205 Verzeichnisse wurden überprüft
514056 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
514056 Dateien ohne Befall
2268 Archive wurden durchsucht
0 Warnungen
0 Hinweise
503544 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

Last edited by Wisdoom (01.06.2010 at 14:26) |
01.06.2010, 18:15 | #5 |
| Antimalware Doctor Great, Mbam has found something again (this time with database version 4161). Does this never end?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4161

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.06.2010 19:07:36
mbam-log-2010-06-01 (19-07-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|M:\|)
Durchsuchte Objekte: 327898
Laufzeit: 42 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\Ilk.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Edit: And while Mbam is still doing a re-check, Avira Guard (shortly after an update) finds something:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 01. Juni 2010 19:23

Es wird nach 2183664 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ABASE

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4c338401\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 01. Juni 2010 19:23

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclRSSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboV_EVO.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATI_MainBoard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboVHELP.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Ari\AppData\Local\Temp\nbmrh.exe'
C:\Users\***\AppData\Local\Temp\nbmrh.exe
[FUND] Ist das Trojanische Pferd TR/Buzus.efpt
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48dbe35b.qua' verschoben!

Ende des Suchlaufs: Dienstag, 01. Juni 2010 19:23
Benötigte Zeit: 00:03 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
24 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
23 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.

I don't feel safe anymore...

Last edited by Wisdoom (01.06.2010 at 18:27) |
01.06.2010, 20:06 | #6 |
| Antimalware Doctor With the current versions of Avira and Mbam I haven't found anything more. Here is the OTL check done afterwards. What is the situation? Is a Windows reinstall needed? OTL Logfile: Code:
OTL logfile created on: 01.06.2010 21:03:57 - Run 4
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 206,64 Gb Free Space | 69,34% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 197,72 Gb Free Space | 42,45% Space Free | Partition Type: NTFS

Computer Name: ABASE
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\AppData\Local\AMD Drivers\AMD_graphics.exe (Microsoft)
PRC - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\System\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - M:\System\CD_BurnerXP\NMSAccessU.exe ()
PRC - M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - M:\System\LogitechG9\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTek)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 53 2C B9 4A 57 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: M:\System\NokiaPCS\Nokia PC Suite 7\bkmrksync\ [2010.05.16 14:53:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: M:\System\Firefox\components [2010.04.03 13:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: M:\System\Firefox\plugins [2010.04.18 21:53:56 | 000,000,000 | ---D | M]

[2009.12.23 03:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2010.06.01 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions
[2010.02.28 19:31:22 | 000,000,000 | ---D | M] (Gold Steel) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{030869c0-68e7-11dd-ad8b-0800200c9a66}
[2010.02.28 19:30:12 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010.02.28 19:32:55 | 000,000,000 | ---D | M] (Ambient Fox Maroon) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{4aed382a-3293-4721-85cc-1aab07b510eb}
[2010.03.15 16:49:07 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010.02.28 19:19:53 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010.02.28 19:23:53 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [QuickTime Task] M:\System\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AMD Graphic] C:\Users\***\AppData\Local\AMD Drivers\AMD_graphics.exe (Microsoft)
O4 - HKCU..\Run: [ATI MainBoard] C:\Users\***\AppData\Local\ATI Drivers\ATI_MainBoard.exe (Microsoft)
O4 - HKCU..\Run: [PC Suite Tray] M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.01 21:01:07 | 000,000,000 | RHSD | C] -- C:\Users\***\AppData\Local\AMD Drivers
[2010.06.01 02:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.06.01 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.06.01 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\AntiVirus
[2010.06.01 01:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.01 01:15:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.01 00:05:57 | 000,000,000 | RHSD | C] -- C:\Users\***\AppData\Local\ATI Drivers
[2010.06.01 00:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B
[2010.05.23 16:14:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2010.05.23 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Codemasters
[2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.05.18 18:14:12 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.05.16 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine empfangenen Dateien
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia
[2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010.05.16 14:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.05.16 14:53:29 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.05.16 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.05.16 14:53:19 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010.05.16 14:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.05.03 15:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.05.03 15:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.01 21:05:11 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.06.01 20:58:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 20:58:46 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 20:58:35 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.01 20:58:35 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.01 20:58:35 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.01 20:58:35 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.01 20:58:35 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.01 20:51:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.01 20:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.01 20:51:24 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.01 20:50:42 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 20:50:42 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 20:50:42 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.01 19:07:42 | 016,602,723 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.06.01 14:11:46 | 000,000,338 | ---- | M] () -- C:\Windows\Brownie.ini
[2010.05.30 18:19:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.05.30 16:25:19 | 000,003,564 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.05.30 02:06:58 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.05.30 02:02:01 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.23 16:15:24 | 000,000,966 | ---- | M] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | M] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.05.03 23:12:43 | 000,000,816 | ---- | M] () -- C:\Users\***\Desktop\Conviction.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.30 16:25:19 | 000,003,564 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.05.23 16:15:24 | 000,000,966 | ---- | C] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | C] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.05.03 23:12:43 | 000,000,816 | ---- | C] () -- C:\Users\***\Desktop\Conviction.lnk
[2010.04.04 15:27:48 | 000,000,058 | ---- | C] () -- C:\Windows\picture2avi.ini
[2010.02.25 04:05:19 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.11.03 00:10:23 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.11.03 00:10:23 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009.11.03 00:10:23 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.11.03 00:10:02 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.11.03 00:09:32 | 000,000,338 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.10.28 02:59:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.10.28 02:59:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.28 02:59:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.10.28 02:08:50 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.28 02:08:50 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.28 02:08:47 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.28 02:08:47 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.10.28 01:58:20 | 000,031,407 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.10.28 01:57:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.10.28 01:57:33 | 000,021,835 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

< End of report >

Extras: OTL Logfile:
OTL Extras logfile created on: 01.06.2010 21:03:57 - Run 4
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 206,64 Gb Free Space | 69,34% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 197,72 Gb Free Space | 42,45% Space Free | Partition Type: NTFS

Computer Name: ABASE
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- M:\System\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1099EE17-B0D7-FA18-50AB-6F3D3A4E2C9A}" = AMD Drag and Drop Transcoding
"{338F5103-68E0-786A-0369-5862F3FBF62C}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{7D2082CA-2B0C-0F31-4CD7-B19036F0041F}" = ccc-utility64
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DF10FAAC-B82A-E6BF-A547-6954BFB5AC94}" = ATI AVIVO64 Codecs
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086B731A-97C5-4648-AA99-A2FDFE7855C7}" = Catalyst Control Center InstallProxy
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1271150C-C048-40CD-07AD-5F6767EB5674}" = HydraVision
"{131CFEC0-9408-4AE2-96FE-9F19B2029F58}" = Brother HL-2030
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1B8F7B2B-821C-F202-E3C1-B9C2558480E3}" = CCC Help Polish
"{1CC49FB4-1700-F359-2555-10C106BEC877}" = Catalyst Control Center Graphics Full Existing
"{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E4DA5F-2308-9F9F-B65C-35199A199709}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{315FCB68-694D-F1EF-7A82-781DBD7F7DBA}" = CCC Help Chinese Standard
"{38198326-F590-9AD0-AC88-1424EBE63C7E}" = CCC Help Turkish
"{3885CE41-C333-5715-CD9D-6154B8C95FF4}" = CCC Help Greek
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4055B5B2-DE2C-782A-2858-386EC2544C3D}" = Catalyst Control Center Graphics Previews Vista
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77DA99E4-FB51-F98B-61B9-7558BF1F86AD}" = CCC Help Korean
"{7C6ADDD9-98EC-1A78-F1B0-A98B971701CF}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8851CBDA-ED34-424A-DB19-3C83973ACB55}" = CCC Help French
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{95335AF1-3FFE-AFCA-3D43-B633A4DA41F4}" = CCC Help Thai
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F2A8051-62FD-AAA3-8944-BE96ADD762B2}" = CCC Help Hungarian
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1CC7FEC-0B87-808C-8F60-E5CA8AEBAF79}" = CCC Help German
"{A1D6F3F4-615B-C687-61D3-52A18558B4BF}" = CCC Help Japanese
"{A35808A5-87C1-44DD-782B-1EB775FE3612}" = CCC Help Dutch
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53DAB1F-6323-4CFB-44CE-C8E9782C1BFB}" = CCC Help Danish
"{A926E1D6-7008-7258-BBDF-2EB4CAEDBB8F}" = CCC Help Chinese Traditional
"{AA24DD67-F3F0-2896-48DE-192349B25DF3}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ADC40572-02BD-2D52-759B-1CADC2E4DF47}" = CCC Help Spanish
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B736CE4B-4EF6-BE8A-9245-DAD0DEE14E6B}" = CCC Help Finnish
"{B75174D6-4589-5B17-BA76-25B800522A3D}" = CCC Help Swedish
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCCCA844-1127-D881-2C8E-FACDD22E098D}" = CCC Help Portuguese
"{BD4B4476-AD9A-ED0F-774A-CEBB2CEE891D}" = Catalyst Control Center Core Implementation
"{C3893B61-4615-AE41-D70B-F905AAF49FCB}" = CCC Help Norwegian
"{C454C7F5-5A05-409C-1873-DB713703F8C1}" = CCC Help Czech
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D6D9F436-1304-9613-9E4B-AA2E7181B41B}" = Catalyst Control Center Graphics Light
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DD61FF17-327C-B2E4-0610-54BBBDDAB34C}" = CCC Help Italian
"{E0A3541B-88AD-D0A0-4EB9-2A6F07876FFB}" = CCC Help Russian
"{E5970961-81FC-3D2D-D5C4-874FB7401B6A}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{f045ec64-ed96-11de-bb6e-56f655d89593}}_is1" = "Wings of Prey Demo" (Unistall)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5599028-06CF-7846-A528-019DD8EBDD37}" = ccc-core-static
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9D540CC-98FA-6BFE-699B-F5587191BD26}" = Catalyst Control Center HydraVision Full
"Adobe Flash Player
ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Conan_is1" = Age of Conan - Hyborian Adventures "ALchemy" = Creative ALchemy "ASIO4ALL" = ASIO4ALL "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Beta-EU" = APB Beta-EU "Buy Script Maker für CSS" = Buy Script Maker für CSS 0.601 "CCleaner" = CCleaner "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch "Dark Horizon Patch_is1" = Dark Horizon Patch "Dark Horizon_is1" = Dark Horizon "FairStars CD Ripper_is1" = FairStars CD Ripper 1.29 "FL Studio 9" = FL Studio 9 "Hardcore" = Hardcore "IL Download Manager" = IL Download Manager "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "NFS SHIFT NoIntro FIX by JP-TEC" = NFS SHIFT NoIntro FIX by JP-TEC "Nokia PC Suite" = Nokia PC Suite "OpenAL" = OpenAL "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "QuicktimeAlt_is1" = QuickTime Alternative 3.0.0 "Sawer" = Sawer "SFBM" = SoundFont-Bank-Manager "Steam App 12840" = DiRT 2 "Steam App 13140" = America's Army 3 "Steam App 240" = Counter-Strike: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 400" = Portal "Steam App 440" = Team Fortress 2 "Toxic Biohazard" = Toxic Biohazard "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "Warkeys" = Warkeys 1.15.7.0b "WaveStudio 7" = Creative WaveStudio 7 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "sc10-ORF_MAIN" = ORF-Ski Challenge 2010 "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
Last edited by Wisdoom (01.06.2010 at 21:00) |
01.06.2010, 22:35 | #7 |
| Antimalware Doctor Update: Avira Antivirus Guard has again detected an infected file:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 01. Juni 2010 23:31

Es wird nach 2183664 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ABASE

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 20.04.2010 15:41:11
AVSCAN.DLL : 10.0.3.0 56168 Bytes 20.04.2010 15:41:11
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 10:15:35
VBASE006.VDF : 7.10.6.83 2048 Bytes 15.04.2010 10:15:35
VBASE007.VDF : 7.10.6.84 2048 Bytes 15.04.2010 10:15:35
VBASE008.VDF : 7.10.6.85 2048 Bytes 15.04.2010 10:15:35
VBASE009.VDF : 7.10.6.86 2048 Bytes 15.04.2010 10:15:35
VBASE010.VDF : 7.10.6.87 2048 Bytes 15.04.2010 10:15:36
VBASE011.VDF : 7.10.6.88 2048 Bytes 15.04.2010 10:15:36
VBASE012.VDF : 7.10.6.89 2048 Bytes 15.04.2010 10:15:36
VBASE013.VDF : 7.10.6.90 2048 Bytes 15.04.2010 10:15:36
VBASE014.VDF : 7.10.6.123 126464 Bytes 19.04.2010 15:41:11
VBASE015.VDF : 7.10.6.152 123392 Bytes 21.04.2010 08:03:14
VBASE016.VDF : 7.10.6.178 122880 Bytes 22.04.2010 10:19:55
VBASE017.VDF : 7.10.6.206 120320 Bytes 26.04.2010 17:20:04
VBASE018.VDF : 7.10.6.232 99328 Bytes 28.04.2010 14:14:13
VBASE019.VDF : 7.10.7.2 155648 Bytes 30.04.2010 11:36:57
VBASE020.VDF : 7.10.7.26 119808 Bytes 04.05.2010 14:17:26
VBASE021.VDF : 7.10.7.51 118272 Bytes 06.05.2010 10:31:12
VBASE022.VDF : 7.10.7.75 404992 Bytes 10.05.2010 18:04:21
VBASE023.VDF : 7.10.7.100 125440 Bytes 13.05.2010 11:13:58
VBASE024.VDF : 7.10.7.119 177664 Bytes 17.05.2010 16:05:07
VBASE025.VDF : 7.10.7.139 129024 Bytes 19.05.2010 11:15:31
VBASE026.VDF : 7.10.7.157 145920 Bytes 21.05.2010 10:52:51
VBASE027.VDF : 7.10.7.173 147456 Bytes 25.05.2010 13:56:13
VBASE028.VDF : 7.10.7.189 120320 Bytes 27.05.2010 11:20:09
VBASE029.VDF : 7.10.7.202 130560 Bytes 31.05.2010 00:32:53
VBASE030.VDF : 7.10.7.203 2048 Bytes 31.05.2010 00:32:53
VBASE031.VDF : 7.10.7.210 116736 Bytes 01.06.2010 17:17:31
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 24.04.2010 09:59:27
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 12.05.2010 16:52:34
AESCN.DLL : 8.1.6.1 127347 Bytes 12.05.2010 16:52:33
AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 09:59:28
AERDL.DLL : 8.1.4.6 541043 Bytes 16.04.2010 10:15:54
AEPACK.DLL : 8.2.1.1 426358 Bytes 25.03.2010 22:09:20
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 12.05.2010 16:52:32
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 05.05.2010 11:29:35
AEHELP.DLL : 8.1.11.3 242039 Bytes 03.04.2010 11:05:24
AEGEN.DLL : 8.1.3.9 377203 Bytes 12.05.2010 16:52:32
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 09:59:26
AECORE.DLL : 8.1.15.3 192886 Bytes 12.05.2010 16:52:31
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 09:59:26
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 20.04.2010 15:41:11
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 20.04.2010 15:41:11
AVARKT.DLL : 10.0.0.14 227176 Bytes 20.04.2010 15:41:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 20.04.2010 15:41:11

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4c3024e1\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 01. Juni 2010 23:31

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AMD_graphics.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclRSSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboV_EVO.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboVHELP.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\T6tRrK2kvWQ9.exe'
C:\Users\***\AppData\Local\Temp\T6tRrK2kvWQ9.exe
[FUND] Ist das Trojanische Pferd TR/Downloader.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48d3dd43.qua' verschoben!

Ende des Suchlaufs: Dienstag, 01. Juni 2010 23:31
Benötigte Zeit: 00:02 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
25 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
24 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.

Edit: Avira has just found this TR/Downloader.GenTR once more. I won't post the log, I don't think it is necessary.

Last edited by Wisdoom (01.06.2010 at 23:07) |
02.06.2010, 15:30 | #8 | |
| Antimalware Doctor Avira apparently had an extensive update today. Right after it, the Guard reported a new virus:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 02. Juni 2010 16:27

Es wird nach 2185968 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ABASE

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 20.04.2010 15:41:11
AVSCAN.DLL : 10.0.3.0 56168 Bytes 20.04.2010 15:41:11
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 10:15:35
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 14:23:33
VBASE007.VDF : 7.10.7.219 2048 Bytes 02.06.2010 14:23:33
VBASE008.VDF : 7.10.7.220 2048 Bytes 02.06.2010 14:23:34
VBASE009.VDF : 7.10.7.221 2048 Bytes 02.06.2010 14:23:34
VBASE010.VDF : 7.10.7.222 2048 Bytes 02.06.2010 14:23:35
VBASE011.VDF : 7.10.7.223 2048 Bytes 02.06.2010 14:23:35
VBASE012.VDF : 7.10.7.224 2048 Bytes 02.06.2010 14:23:35
VBASE013.VDF : 7.10.7.225 2048 Bytes 02.06.2010 14:23:36
VBASE014.VDF : 7.10.7.226 2048 Bytes 02.06.2010 14:23:36
VBASE015.VDF : 7.10.7.227 2048 Bytes 02.06.2010 14:23:36
VBASE016.VDF : 7.10.7.228 2048 Bytes 02.06.2010 14:23:36
VBASE017.VDF : 7.10.7.229 2048 Bytes 02.06.2010 14:23:36
VBASE018.VDF : 7.10.7.230 2048 Bytes 02.06.2010 14:23:36
VBASE019.VDF : 7.10.7.231 2048 Bytes 02.06.2010 14:23:36
VBASE020.VDF : 7.10.7.232 2048 Bytes 02.06.2010 14:23:36
VBASE021.VDF : 7.10.7.233 2048 Bytes 02.06.2010 14:23:36
VBASE022.VDF : 7.10.7.234 2048 Bytes 02.06.2010 14:23:37
VBASE023.VDF : 7.10.7.235 2048 Bytes 02.06.2010 14:23:37
VBASE024.VDF : 7.10.7.236 2048 Bytes 02.06.2010 14:23:37
VBASE025.VDF : 7.10.7.237 2048 Bytes 02.06.2010 14:23:37
VBASE026.VDF : 7.10.7.238 2048 Bytes 02.06.2010 14:23:38
VBASE027.VDF : 7.10.7.239 2048 Bytes 02.06.2010 14:23:39
VBASE028.VDF : 7.10.7.240 2048 Bytes 02.06.2010 14:23:39
VBASE029.VDF : 7.10.7.241 2048 Bytes 02.06.2010 14:23:39
VBASE030.VDF : 7.10.7.242 2048 Bytes 02.06.2010 14:23:39
VBASE031.VDF : 7.10.7.243 2048 Bytes 02.06.2010 14:23:40
Engineversion : 8.2.2.4
AEVDF.DLL : 8.1.2.0 106868 Bytes 24.04.2010 09:59:27
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 02.06.2010 14:24:44
AESCN.DLL : 8.1.6.1 127347 Bytes 12.05.2010 16:52:33
AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 09:59:28
AERDL.DLL : 8.1.4.6 541043 Bytes 16.04.2010 10:15:54
AEPACK.DLL : 8.2.1.1 426358 Bytes 25.03.2010 22:09:20
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 12.05.2010 16:52:32
AEHEUR.DLL : 8.1.1.32 2720118 Bytes 02.06.2010 14:24:32
AEHELP.DLL : 8.1.11.5 242038 Bytes 02.06.2010 14:23:49
AEGEN.DLL : 8.1.3.10 377205 Bytes 02.06.2010 14:23:45
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 09:59:26
AECORE.DLL : 8.1.15.3 192886 Bytes 12.05.2010 16:52:31
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 09:59:26
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 20.04.2010 15:41:11
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 20.04.2010 15:41:11
AVARKT.DLL : 10.0.0.14 227176 Bytes 20.04.2010 15:41:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 20.04.2010 15:41:11

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4c311484\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 02. Juni 2010 16:27

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jznaSClsfp0f.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclRSSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboV_EVO.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AMD_graphics.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TurboVHELP.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Ill.exe'
C:\Users\***\AppData\Local\Temp\Ill.exe
[FUND] Ist das Trojanische Pferd TR/Renos.ewc.3
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48a3cb90.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 02. Juni 2010 16:27
Benötigte Zeit: 00:03 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
27 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
26 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.

The interesting thing is that this virus was only added to the detection patterns today. Here is the Avira message:

Quote:
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\**\AppData\Local\Temp\9F8A.tmp'
C:\Users\**\AppData\Local\Temp\9F8A.tmp
[FUND] Ist das Trojanische Pferd TR/PWS.Sinowal.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e5acddb.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 02. Juni 2010 16:37
Benötigte Zeit: 00:03 Minute(n)

I just looked into my Avira quarantine. I noticed something interesting there: all TR/Downloader.Gen hits were found at half-hour intervals:
1st hit: 01.06.2010, 23:31
2nd hit: 02.06.2010 00:01
3rd hit: 02.06.2010 00:31

I have now updated my Java. I got that hint from another forum (2007).

Last edited by Wisdoom (02.06.2010 at 16:17) |
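The half-hour cadence Wisdoom noticed in the quarantine is the kind of thing worth checking mechanically when Guard reports pile up: a detection that keeps returning on a timer, each time as a freshly named file in %TEMP%, indicates a dropper that is still running, not a one-off download. The following Python block is an added example and not code from the thread or from Avira; it parses report excerpts in the format shown above (the scanned path line, the indented [FUND] verdict, and the "Ende des Suchlaufs" timestamp) and flags detection names that recur at a near-constant interval. The embedded reports are constructed to mirror this thread's hits; T6tRrK2kvWQ9.exe and Ill.exe are file names from the logs above, the other two Temp file names and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# German month names as printed in Avira AntiVir report timestamps.
GERMAN_MONTHS = {
    "Januar": 1, "Februar": 2, "März": 3, "April": 4, "Mai": 5, "Juni": 6,
    "Juli": 7, "August": 8, "September": 9, "Oktober": 10, "November": 11,
    "Dezember": 12,
}

# Matches e.g. "Ende des Suchlaufs: Dienstag, 01. Juni 2010 23:31"
END_RE = re.compile(
    r"^Ende des Suchlaufs: \w+, (?P<day>\d{2})\. (?P<month>\w+) (?P<year>\d{4}) "
    r"(?P<hour>\d{2}):(?P<minute>\d{2})$"
)
# A scanned object printed on its own line, e.g. C:\Users\...\Temp\x.exe
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample (not a real log): three Guard scans mirroring the thread's
# TR/Downloader.Gen hits at 23:31, 00:01 and 00:31, plus the single TR/Renos.ewc.3
# hit. Qx7bLm3vTz.exe and Wk9pRs2dHn.exe are made-up file names.
SAMPLE_REPORTS = r"""
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\T6tRrK2kvWQ9.exe'
C:\Users\***\AppData\Local\Temp\T6tRrK2kvWQ9.exe
  [FUND]      Ist das Trojanische Pferd TR/Downloader.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48d3dd43.qua' verschoben!
Ende des Suchlaufs: Dienstag, 01. Juni 2010 23:31
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Qx7bLm3vTz.exe'
C:\Users\***\AppData\Local\Temp\Qx7bLm3vTz.exe
  [FUND]      Ist das Trojanische Pferd TR/Downloader.Gen
Ende des Suchlaufs: Mittwoch, 02. Juni 2010 00:01
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Wk9pRs2dHn.exe'
C:\Users\***\AppData\Local\Temp\Wk9pRs2dHn.exe
  [FUND]      Ist das Trojanische Pferd TR/Downloader.Gen
Ende des Suchlaufs: Mittwoch, 02. Juni 2010 00:31
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Ill.exe'
C:\Users\***\AppData\Local\Temp\Ill.exe
  [FUND]      Ist das Trojanische Pferd TR/Renos.ewc.3
Ende des Suchlaufs: Mittwoch, 02. Juni 2010 16:27
"""


def parse_avira_report(text):
    """Return [(timestamp, detection_name, path)] for every [FUND] in `text`.

    The report prints the scanned path on its own line and the [FUND] verdict
    indented below it; the scan's end time comes later, so findings are buffered
    until the matching 'Ende des Suchlaufs' line supplies the timestamp.
    """
    findings, pending, current_path = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
        elif line.startswith("[FUND]") and current_path:
            # The detection name is the last token of the verdict line.
            pending.append((line.split()[-1], current_path))
        else:
            m = END_RE.match(line)
            if m:
                ts = datetime(int(m["year"]), GERMAN_MONTHS[m["month"]], int(m["day"]),
                              int(m["hour"]), int(m["minute"]))
                findings.extend((ts, name, path) for name, path in pending)
                pending, current_path = [], None
    return findings


def recurring_detections(findings, min_hits=3, tolerance=timedelta(minutes=2)):
    """Detection names seen at least `min_hits` times with near-constant spacing.

    Returns {name: {"hits": n, "interval_minutes": m, "paths": [...]}} for each
    name whose gaps between consecutive hits differ by no more than `tolerance`.
    """
    by_name = defaultdict(list)
    for ts, name, path in findings:
        by_name[name].append((ts, path))
    result = {}
    for name, hits in by_name.items():
        hits.sort()
        if len(hits) < max(min_hits, 2):      # an interval needs at least two hits
            continue
        gaps = [later - earlier for (earlier, _), (later, _) in zip(hits, hits[1:])]
        if max(gaps) - min(gaps) <= tolerance:
            mean_gap = sum(gaps, timedelta()) / len(gaps)
            result[name] = {
                "hits": len(hits),
                "interval_minutes": round(mean_gap.total_seconds() / 60),
                "paths": [path for _, path in hits],
            }
    return result


if __name__ == "__main__":
    found = parse_avira_report(SAMPLE_REPORTS)
    for name, info in recurring_detections(found).items():
        print(f"{name}: {info['hits']} hits, roughly every {info['interval_minutes']} min")
        for path in info["paths"]:
            print("   ", path)
```

Run against the sample, only TR/Downloader.Gen is reported (3 hits, 30-minute interval, three different Temp paths); the single TR/Renos.ewc.3 hit is not. A recurring result of this kind is a cue to look for the scheduled task, Run key, or process that keeps writing to %TEMP% rather than quarantining the same payload again.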
02.06.2010, 22:49 | #9 | |
| Antimalware Doctor Kaspersky found 2 trojans. Everyone who had the Doctor should consider this too. Prevx should also be a must-have. Edit: Prevx does find quite a bit, but the cleanup costs money. Quote:
I put 4 suspicious files into quarantine and sent them to AVIRA. I also tried running GMER, but I always get the following error: At startup: C:\Windows\System32\config\System: Das System kann die angegebene Datei nicht finden. When I press Scan: C:\Windows\System32\config\System: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Last edited by Wisdoom (02.06.2010 at 23:46) |
03.06.2010, 00:01 | #10 |
| Antimalware Doctor Now it already looks much better. Before I put the 4 files into Avira quarantine, I still had 2 endless print documents in the queue at every restart. Those are gone now. Fresh HJT log: HiJackThis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:56:32, on 03.06.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe
M:\System\LogitechG9\SetPoint\x86\SetPoint32.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
M:\System\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
M:\System\KSAV\avp.exe
M:\System\Firefox\firefox.exe
M:\System\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - M:\System\KSAV\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - M:\System\KSAV\klwtbbho.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "M:\System\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "M:\System\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "M:\System\KSAV\avp.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - M:\System\KSAV\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - M:\System\KSAV\klwtbbho.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O20 - AppInit_DLLs: M:\System\KSAV\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - M:\System\KSAV\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - M:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - M:\System\CD_BurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9580 bytes

OTL Logfile: Code:

OTL logfile created on: 03.06.2010 00:56:56 - Run 6
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 189,35 Gb Free Space | 63,54% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 197,68 Gb Free Space | 42,44% Space Free | Partition Type: NTFS

Computer Name: ABASE
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - M:\System\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - M:\System\CD_BurnerXP\NMSAccessU.exe ()
PRC - M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - M:\System\KSAV\avp.exe (Kaspersky Lab)
PRC - M:\System\LogitechG9\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek)
PRC - C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTek)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\AntiVirus\OTL.exe (OldTimer Tools)
MOD - M:\System\KSAV\mzvkbd3.dll (Kaspersky Lab)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) --
C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - 
(wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccessU) -- M:\System\CD_BurnerXP\NMSAccessU.exe () SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AVP) -- M:\System\KSAV\avp.exe (Kaspersky Lab) SRV - (DAUpdaterSvc) -- M:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- 
C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- 
C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) 
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 53 2C B9 4A 57 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7 FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22 FF - prefs.js..extensions.enabledItems: 
{3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: M:\System\NokiaPCS\Nokia PC Suite 7\bkmrksync\ [2010.05.16 14:53:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: M:\System\Firefox\components [2010.04.03 13:07:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: M:\System\Firefox\plugins [2010.06.02 16:46:50 | 000,000,000 | ---D | M] [2009.12.23 03:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2010.06.02 16:29:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions [2010.02.28 19:31:22 | 000,000,000 | ---D | M] (Gold Steel) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{030869c0-68e7-11dd-ad8b-0800200c9a66} [2010.02.28 19:30:12 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66} [2010.02.28 19:32:55 | 000,000,000 | ---D | M] (Ambient Fox Maroon) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{4aed382a-3293-4721-85cc-1aab07b510eb} [2010.03.15 16:49:07 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387} [2010.02.28 19:19:53 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66} [2010.02.28 19:23:53 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fe9q90pp.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - M:\System\KSAV\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - M:\System\KSAV\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - M:\System\KSAV\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - M:\System\KSAV\klwtbbho.dll (Kaspersky Lab) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVP] M:\System\KSAV\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [QuickTime Task] M:\System\QuickTime Alternative\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [PC Suite Tray] M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe (Nokia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - M:\System\KSAV\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - M:\System\KSAV\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - M:\System\KSAV\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - M:\System\KSAV\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - 
Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O20 - AppInit_DLLs: (M:\System\KSAV\mzvkbd3.dll) - M:\System\KSAV\mzvkbd3.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ] O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6e312501-c339-11de-b0aa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.02 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.06.02 22:55:55 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2010.06.02 22:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.06.02 17:01:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.06.02 17:01:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2010.06.02 17:01:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.06.02 17:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.06.02 16:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.06.02 16:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.06.02 16:46:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.06.01 21:01:07 | 000,000,000 | RHSD | C] -- C:\Users\***\AppData\Local\AMD Drivers [2010.06.01 02:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.06.01 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.06.01 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\AntiVirus [2010.06.01 01:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.06.01 01:15:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2010.06.01 01:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.01 00:05:57 | 000,000,000 | RHSD | C] -- C:\Users\***\AppData\Local\ATI Drivers [2010.06.01 00:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\F8DFE2F9B073ADC1B9B913B46C20900B [2010.05.23 16:14:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics [2010.05.23 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Codemasters [2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010.05.18 18:14:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010.05.18 18:14:12 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys [2010.05.16 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine empfangenen Dateien [2010.05.16 
14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Suite [2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010.05.16 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia [2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite [2010.05.16 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia [2010.05.16 14:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010.05.16 14:53:29 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010.05.16 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010.05.16 14:53:19 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll [2010.05.16 14:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.03 00:56:33 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.06.03 00:56:33 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.06.03 00:56:33 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.06.03 00:56:33 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.06.03 00:56:33 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.06.03 00:52:28 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.06.03 00:51:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.03 00:51:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.03 00:51:45 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2010.06.03 00:51:04 | 000,061,448 | ---- | M] () -- 
C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.03 00:51:04 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.03 00:51:04 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000003-00001102-00000005-00291102}.rfx
[2010.06.03 00:50:49 | 016,711,198 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.06.02 23:37:21 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.02 23:37:21 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.02 23:15:46 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.06.02 23:02:33 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.06.02 23:02:33 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.06.02 22:55:55 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.06.02 22:41:49 | 000,000,338 | ---- | M] () -- C:\Windows\Brownie.ini
[2010.06.02 17:01:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.02 17:01:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.02 17:01:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.02 17:01:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.05.30 16:25:19 | 000,003,564 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.05.30 02:06:58 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.05.30 02:02:01 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.23 16:15:24 | 000,000,966 | ---- | M] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | M] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.02 22:56:29 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.06.02 22:56:29 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.05.30 16:25:19 | 000,003,564 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.05.23 16:15:24 | 000,000,966 | ---- | C] () -- C:\Users\***\Desktop\GRID.lnk
[2010.05.17 23:07:29 | 000,082,029 | ---- | C] () -- C:\Users\***\Desktop\twb-573.jpg
[2010.05.16 14:56:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.05.16 14:56:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.04.04 15:27:48 | 000,000,058 | ---- | C] () -- C:\Windows\picture2avi.ini
[2010.02.25 04:05:19 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.11.03 00:10:23 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.11.03 00:10:23 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009.11.03 00:10:23 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.11.03 00:10:02 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.11.03 00:09:32 | 000,000,338 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.10.28 02:59:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.10.28 02:59:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.28 02:59:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.10.28 02:08:50 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.10.28 02:08:50 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.10.28 02:08:47 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.10.28 02:08:47 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.10.28 01:58:20 | 000,031,407 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.10.28 01:57:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.10.28 01:57:33 | 000,021,835 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 03.06.2010 00:56:56 - Run 6
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\***\Desktop\AntiVirus
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 189,35 Gb Free Space | 63,54% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465,76 Gb Total Space | 197,68 Gb Free Space | 42,44% Space Free | Partition Type: NTFS

Computer Name: ABASE
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- M:\System\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "M:\System\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1099EE17-B0D7-FA18-50AB-6F3D3A4E2C9A}" = AMD Drag and Drop Transcoding
"{338F5103-68E0-786A-0369-5862F3FBF62C}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{7D2082CA-2B0C-0F31-4CD7-B19036F0041F}" = ccc-utility64
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DF10FAAC-B82A-E6BF-A547-6954BFB5AC94}" = ATI AVIVO64 Codecs
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086B731A-97C5-4648-AA99-A2FDFE7855C7}" = Catalyst Control Center InstallProxy
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1271150C-C048-40CD-07AD-5F6767EB5674}" = HydraVision
"{131CFEC0-9408-4AE2-96FE-9F19B2029F58}" = Brother HL-2030
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1B8F7B2B-821C-F202-E3C1-B9C2558480E3}" = CCC Help Polish
"{1CC49FB4-1700-F359-2555-10C106BEC877}" = Catalyst Control Center Graphics Full Existing
"{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E4DA5F-2308-9F9F-B65C-35199A199709}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{315FCB68-694D-F1EF-7A82-781DBD7F7DBA}" = CCC Help Chinese Standard
"{38198326-F590-9AD0-AC88-1424EBE63C7E}" = CCC Help Turkish
"{3885CE41-C333-5715-CD9D-6154B8C95FF4}" = CCC Help Greek
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4055B5B2-DE2C-782A-2858-386EC2544C3D}" = Catalyst Control Center Graphics Previews Vista
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77DA99E4-FB51-F98B-61B9-7558BF1F86AD}" = CCC Help Korean
"{7C6ADDD9-98EC-1A78-F1B0-A98B971701CF}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8851CBDA-ED34-424A-DB19-3C83973ACB55}" = CCC Help French
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95335AF1-3FFE-AFCA-3D43-B633A4DA41F4}" = CCC Help Thai
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F2A8051-62FD-AAA3-8944-BE96ADD762B2}" = CCC Help Hungarian
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1CC7FEC-0B87-808C-8F60-E5CA8AEBAF79}" = CCC Help German
"{A1D6F3F4-615B-C687-61D3-52A18558B4BF}" = CCC Help Japanese
"{A35808A5-87C1-44DD-782B-1EB775FE3612}" = CCC Help Dutch
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53DAB1F-6323-4CFB-44CE-C8E9782C1BFB}" = CCC Help Danish
"{A926E1D6-7008-7258-BBDF-2EB4CAEDBB8F}" = CCC Help Chinese Traditional
"{AA24DD67-F3F0-2896-48DE-192349B25DF3}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ADC40572-02BD-2D52-759B-1CADC2E4DF47}" = CCC Help Spanish
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B736CE4B-4EF6-BE8A-9245-DAD0DEE14E6B}" = CCC Help Finnish
"{B75174D6-4589-5B17-BA76-25B800522A3D}" = CCC Help Swedish
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCCCA844-1127-D881-2C8E-FACDD22E098D}" = CCC Help Portuguese
"{BD4B4476-AD9A-ED0F-774A-CEBB2CEE891D}" = Catalyst Control Center Core Implementation
"{C3893B61-4615-AE41-D70B-F905AAF49FCB}" = CCC Help Norwegian
"{C454C7F5-5A05-409C-1873-DB713703F8C1}" = CCC Help Czech
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D6D9F436-1304-9613-9E4B-AA2E7181B41B}" = Catalyst Control Center Graphics Light
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DD61FF17-327C-B2E4-0610-54BBBDDAB34C}" = CCC Help Italian
"{E0A3541B-88AD-D0A0-4EB9-2A6F07876FFB}" = CCC Help Russian
"{E5970961-81FC-3D2D-D5C4-874FB7401B6A}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{f045ec64-ed96-11de-bb6e-56f655d89593}}_is1" = "Wings of Prey Demo" (Unistall)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5599028-06CF-7846-A528-019DD8EBDD37}" = ccc-core-static
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9D540CC-98FA-6BFE-699B-F5587191BD26}" = Catalyst Control Center HydraVision Full
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"ALchemy" = Creative ALchemy
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Beta-EU" = APB Beta-EU
"Buy Script Maker für CSS" = Buy Script Maker für CSS 0.601
"CCleaner" = CCleaner
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch
"Dark Horizon Patch_is1" = Dark Horizon Patch
"Dark Horizon_is1" = Dark Horizon
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.29
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NFS SHIFT NoIntro FIX by JP-TEC" = NFS SHIFT NoIntro FIX by JP-TEC
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 3.0.0
"Sawer" = Sawer
"SFBM" = SoundFont-Bank-Manager
"Steam App 12840" = DiRT 2
"Steam App 13140" = America's Army 3
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.15.7.0b
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Maybe it's because I now have Kaspersky and Avira running in parallel, but my PC has become somewhat slower since today. (i7 860, 4GB RAM, Win 7) |
03.06.2010, 01:10 | #11 |
| Antimalware Doctor Edit: SUPERAntiSpyware found another 2 tracking cookies. But RKill still kills itself, and according to its creator that is still a sign that you are not clean. __________________ Last edited by Wisdoom (03.06.2010 at 01:17) |
03.06.2010, 01:16 | #12 |
| Antimalware Doctor ---------------------- |
03.06.2010, 15:57 | #13 |
| Antimalware Doctor Now it seems to be quiet. HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:21, on 03.06.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
M:\System\LogitechG9\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
M:\System\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
M:\System\KSAV\avp.exe
M:\System\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - M:\System\KSAV\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - M:\System\KSAV\klwtbbho.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "M:\System\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "M:\System\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "M:\System\KSAV\avp.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "M:\System\NokiaPCS\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - M:\System\KSAV\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - M:\System\KSAV\klwtbbho.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O20 - AppInit_DLLs: M:\System\KSAV\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - M:\System\KSAV\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - M:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - M:\System\CD_BurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9603 bytes

Grinler said that it is normal after all for RKill to kill itself. |