FB srt.jpg file

mobert · 18.10.2011, 18:33

heute bekam ich per pm den link und klickte drauf. erst kam eine hp die nicht recht laden wollte und dann ein fenster (wie es bei der installation von programmen ist ob ich xxx ausführen möchte) was ich schloss bzw nicht ausführen lies.
ich hab die ein paar andere threads zu diesem thema gelesen. Bei mir ist es aber so dass Malwarebytes 0 funde hat und ich meines erachtens das programm auch nicht ausführen lies. avira hat auch nicht reagiert als oben genanntes passierte.

bin ich nun sauber oder nicht?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7974

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.10.2011 19:11:51
mbam-log-2011-10-18 (19-11-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 254894
Laufzeit: 13 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

dann kam aber eine meldung bzgl skype:
18:57:50 PC MESSAGE Protection started successfully
18:57:54 PC MESSAGE IP Protection started successfully
19:22:57 PC IP-BLOCK 83.128.80.214 (Type: outgoing, Port: 9622, Process: skype.exe)
19:23:05 PC IP-BLOCK 83.128.80.214 (Type: outgoing, Port: 9622, Process: skype.exe)
19:23:05 PC IP-BLOCK 83.128.80.214 (Type: outgoing, Port: 9622, Process: skype.exe)
19:23:45 PC IP-BLOCK 83.128.80.214 (Type: outgoing, Port: 9622, Process: skype.exe)
19:23:45 PC IP-BLOCK 83.128.80.214 (Type: outgoing, Port: 9622, Process: skype.exe)
19:23:53 PC IP-BLOCK 83.128.80.214 (Type: outgoing, Port: 9622, Process: skype.exe)
19:26:09 PC MESSAGE IP Protection stopped

markusg · 18.10.2011, 18:36

hi
kannst du mir den link senden, den du per privater nachicht erhalten hast? als private nachicht bitte.

mobert · 18.10.2011, 18:45

hab ich soeben geschickt

markusg · 18.10.2011, 19:04

informiere mal bitte den absender, der hatts sicher nicht mit absicht gemacht und er soll seine kontakte informieren.
du hattest glück

mobert · 18.10.2011, 19:07

hab ich schon weil ich eben in anderen themen gelesen hatte das man die personen von denen man den link erhalten hat informieren soll.
die skype warnung ist egal? ich bilde mir nämlich ein das mein internet heute recht langsam ist beim seitenaufbau und einen wlan abbruch hatte ich auch, obwohl es die letzten tage immer super funktionierte

markusg · 18.10.2011, 19:26

wir können ja mal gucken
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die
OTL.exe

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal
Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan
links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

mobert · 18.10.2011, 19:51

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.10.2011 20:46:20 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = F:\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,12% Memory free
15,96 Gb Paging File | 14,15 Gb Available in Paging File | 88,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52,51 Gb Total Space | 27,47 Gb Free Space | 52,32% Space Free | Partition Type: NTFS
Drive E: | 295,04 Gb Total Space | 152,49 Gb Free Space | 51,68% Space Free | Partition Type: NTFS
Drive F: | 878,91 Gb Total Space | 857,59 Gb Free Space | 97,58% Space Free | Partition Type: NTFS
 
Computer Name: PHILIPP | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\PC\AppData\Local\Temp\Creative_ALchemy_AL6_Cleanup.0001 (Macrovision Europe Ltd.)
PRC - F:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
PRC - C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)
PRC - F:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - F:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - F:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - F:\Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\WinService.exe ()
PRC - F:\Netgear\WG111v2.exe ()
PRC - F:\Creativ\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\PC\AppData\Local\Temp\Creative_ALchemy_AL6_Cleanup.0001.dir.0002\~df394b.tmp ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - F:\Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\CtxfiRes.dll ()
MOD - F:\Netgear\WG111v2.exe ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- F:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- F:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SCM_Service) -- C:\Windows\SysWOW64\WinService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\wg111v2.sys (NETGEAR Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 88 98 8E 33 8C CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.at"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Programme\Java\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programme\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: F:\Firefox\components [2011.10.16 20:46:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: F:\Firefox\plugins
 
[2011.10.16 19:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2011.10.16 21:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\p8wtkbsd.default\extensions
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] F:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] F:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] F:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] F:\Creativ\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50AE2810-F4EA-4889-BA56-3F0C5D6CBB78}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.18 18:57:27 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Malwarebytes
[2011.10.18 18:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.18 18:57:17 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.18 17:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.10.18 17:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.10.18 16:32:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.10.18 15:50:56 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.10.18 15:38:21 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\StarCraft II
[2011.10.18 15:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.10.18 15:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011.10.18 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011.10.17 21:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2011.10.17 21:36:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2011.10.17 21:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011.10.17 21:34:47 | 000,012,288 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL
[2011.10.17 21:34:47 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysWow64\INRES.DLL
[2011.10.17 21:34:01 | 002,011,736 | ---- | C] (Creative) -- C:\Windows\SysNative\drivers\ct20xflt.sys
[2011.10.17 21:34:01 | 001,613,400 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ha20x22k.sys
[2011.10.17 21:34:01 | 001,568,344 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ha20x2k.sys
[2011.10.17 21:34:01 | 001,445,976 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys
[2011.10.17 21:34:01 | 000,700,632 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctaud2k.sys
[2011.10.17 21:34:01 | 000,580,696 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctac32k.sys
[2011.10.17 21:34:01 | 000,230,488 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\CT20XUT.sys
[2011.10.17 21:34:01 | 000,213,080 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctsfm2k.sys
[2011.10.17 21:34:01 | 000,179,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\ctoss2k.sys
[2011.10.17 21:34:01 | 000,137,216 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\sfms32.dll
[2011.10.17 21:34:01 | 000,118,360 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\emupia2k.sys
[2011.10.17 21:34:01 | 000,095,320 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\CTHWIUT.sys
[2011.10.17 21:34:01 | 000,016,472 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\pfmodnt.sys
[2011.10.17 21:34:01 | 000,015,960 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctprxy2k.sys
[2011.10.17 21:34:01 | 000,010,240 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\sfman32.dll
[2011.10.17 21:34:00 | 001,268,224 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTxfispi.exe
[2011.10.17 21:34:00 | 000,218,112 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\ctdvinst.dll
[2011.10.17 21:34:00 | 000,201,216 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\ctemupia.dll
[2011.10.17 21:34:00 | 000,193,024 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\ct_oal.dll
[2011.10.17 21:34:00 | 000,089,088 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\ctosur64.dll
[2011.10.17 21:34:00 | 000,080,896 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\piaproxy.dll
[2011.10.17 21:34:00 | 000,074,240 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\ctosuser.dll
[2011.10.17 21:34:00 | 000,073,728 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\ctcoinst.dll
[2011.10.17 21:34:00 | 000,067,584 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\ctdpxy64.dll
[2011.10.17 21:34:00 | 000,061,952 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\ctdproxy.dll
[2011.10.17 21:34:00 | 000,055,808 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\ctasio64.dll
[2011.10.17 21:34:00 | 000,051,712 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\ctasio.dll
[2011.10.17 21:34:00 | 000,047,104 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTxfiReg.exe
[2011.10.17 21:34:00 | 000,042,496 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTxfiBtn.dll
[2011.10.17 21:34:00 | 000,039,424 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\CTxfiSpk.dll
[2011.10.17 21:34:00 | 000,036,864 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\devreg.dll
[2011.10.17 21:34:00 | 000,024,576 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\Ctxfihlp.exe
[2011.10.17 21:34:00 | 000,015,360 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\Ct20xspi.dll
[2011.10.17 21:34:00 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2011.10.17 21:34:00 | 000,013,312 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\ac3api.dll
[2011.10.17 21:34:00 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2011.10.17 21:07:42 | 000,048,400 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\AddCat.exe
[2011.10.17 21:05:46 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.17 21:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.17 20:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2011.10.17 12:57:57 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\vlc
[2011.10.17 11:13:00 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\WinRAR
[2011.10.17 10:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2011.10.17 10:41:28 | 000,627,600 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011.10.17 10:41:28 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011.10.17 10:41:28 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011.10.17 10:41:28 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011.10.16 22:47:03 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Creative
[2011.10.16 22:23:36 | 000,183,296 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\CTOPT352.dll
[2011.10.16 22:23:36 | 000,049,664 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\CTChkAud.dll
[2011.10.16 22:23:36 | 000,042,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\AddCat.exe
[2011.10.16 22:02:26 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomct2.ocx
[2011.10.16 22:02:26 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2011.10.16 21:35:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Macromedia
[2011.10.16 21:35:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Adobe
[2011.10.16 21:34:59 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.10.16 21:34:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.10.16 21:34:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.16 21:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.10.16 21:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.10.16 21:26:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.10.16 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Skype
[2011.10.16 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.10.16 21:03:31 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Leadertech
[2011.10.16 21:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2011.10.16 21:03:24 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2011.10.16 21:03:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2011.10.16 21:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2011.10.16 21:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2011.10.16 21:01:55 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Logitech
[2011.10.16 21:01:55 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Logishrd
[2011.10.16 21:00:52 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Logitech
[2011.10.16 21:00:11 | 000,022,408 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LGBusEnum.sys
[2011.10.16 21:00:11 | 000,016,008 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LGVirHid.sys
[2011.10.16 21:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.10.16 21:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2011.10.16 20:58:55 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011.10.16 20:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.10.16 20:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.10.16 20:37:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2011.10.16 20:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011.10.16 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2011.10.16 20:37:15 | 000,113,152 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\cttele64.dll
[2011.10.16 20:37:15 | 000,106,496 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\cttele32.dll
[2011.10.16 20:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011.10.16 20:35:44 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.10.16 20:35:44 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.10.16 20:35:44 | 000,123,480 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.10.16 20:35:44 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.10.16 20:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.10.16 20:35:26 | 000,020,480 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysWow64\INRESGER.DLL
[2011.10.16 20:35:26 | 000,020,480 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRESGER.DLL
[2011.10.16 20:35:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2011.10.16 20:35:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
[2011.10.16 20:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.10.16 20:23:36 | 000,450,048 | ---- | C] (NETGEAR Inc.) -- C:\Windows\SysNative\drivers\wg111v2.sys
[2011.10.16 20:23:36 | 000,290,816 | ---- | C] (SerComm Corporation) -- C:\Windows\SysWow64\SCMLib.dll
[2011.10.16 20:23:36 | 000,025,312 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2011.10.16 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WG111v2 Smart Wizard
[2011.10.16 20:20:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Avira
[2011.10.16 20:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.16 20:19:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.16 20:19:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.16 20:19:52 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.16 20:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.16 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\ATI
[2011.10.16 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\ATI
[2011.10.16 20:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.10.16 20:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.10.16 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011.10.16 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.10.16 20:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.10.16 20:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.10.16 20:14:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.10.16 20:11:48 | 000,032,320 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS
[2011.10.16 20:11:45 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2011.10.16 20:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2011.10.16 20:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFast USB
[2011.10.16 20:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2011.10.16 20:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2011.10.16 20:10:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.10.16 20:10:04 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2011.10.16 20:09:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.10.16 20:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.10.16 20:09:36 | 000,000,000 | ---D | C] -- C:\Intel
[2011.10.16 20:09:36 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\InstallShield
[2011.10.16 20:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2011.10.16 19:27:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Mozilla
[2011.10.16 19:27:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Mozilla
[2011.10.16 19:22:57 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.10.16 19:22:57 | 000,000,000 | R--D | C] -- C:\Users\PC\Searches
[2011.10.16 19:22:57 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.10.16 19:22:49 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Identities
[2011.10.16 19:22:47 | 000,000,000 | R--D | C] -- C:\Users\PC\Contacts
[2011.10.16 19:22:46 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\VirtualStore
[2011.10.16 19:22:37 | 000,000,000 | --SD | C] -- C:\Users\PC\AppData\Roaming\Microsoft
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Videos
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Saved Games
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Pictures
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Music
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Links
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Favorites
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Downloads
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Documents
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop
[2011.10.16 19:22:37 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Vorlagen
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Verlauf
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Temporary Internet Files
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Startmenü
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\SendTo
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Recent
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Netzwerkumgebung
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Lokale Einstellungen
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Videos
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Musik
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Eigene Dateien
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Bilder
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Druckumgebung
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Cookies
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Anwendungsdaten
[2011.10.16 19:22:37 | 000,000,000 | -HSD | C] -- C:\Users\PC\Anwendungsdaten
[2011.10.16 19:22:37 | 000,000,000 | -H-D | C] -- C:\Users\PC\AppData
[2011.10.16 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Temp
[2011.10.16 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Microsoft
[2011.10.16 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Media Center Programs
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.10.16 19:22:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.10.16 19:17:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.10.16 19:15:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.10.16 19:14:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.18 20:46:10 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 20:46:10 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 20:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.18 20:43:41 | 2133,864,447 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.18 20:43:16 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.10.18 20:43:16 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.10.18 20:43:16 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.10.18 17:05:22 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011.10.18 17:05:22 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011.10.18 17:05:22 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011.10.18 17:05:22 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011.10.18 16:38:17 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.18 16:38:17 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.18 16:38:17 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.18 16:38:17 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.18 16:38:17 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.18 16:32:07 | 433,377,980 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.18 15:50:25 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.10.18 02:07:57 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2011.10.18 02:07:57 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2011.10.17 21:35:27 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.10.17 21:35:27 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.10.17 21:35:27 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.10.17 21:35:27 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.10.17 21:35:27 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011.10.16 21:34:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.10.16 21:27:09 | 000,002,495 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.16 21:03:31 | 000,001,354 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.10.16 21:03:24 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2011.10.16 21:00:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2011.10.16 21:00:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2011.10.16 21:00:11 | 000,374,792 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\UMDF\lgSSQVGA.dll
[2011.10.16 21:00:11 | 000,157,704 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\UMDF\lgSSBW.dll
[2011.10.16 21:00:11 | 000,022,408 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LGBusEnum.sys
[2011.10.16 21:00:11 | 000,016,008 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LGVirHid.sys
[2011.10.16 20:58:55 | 000,000,205 | ---- | M] () -- C:\Users\PC\Desktop\Counter-Strike Source.url
[2011.10.16 20:51:21 | 000,000,632 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.10.16 20:46:06 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.16 20:23:36 | 000,000,367 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
[2011.10.16 20:19:58 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.16 20:17:57 | 000,000,355 | ---- | M] () -- C:\Users\PC\Desktop\Computer - Verknüpfung.lnk
[2011.10.16 20:17:15 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.16 20:17:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011.10.16 20:11:48 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS
[2011.10.16 20:11:45 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2011.10.16 20:04:50 | 000,000,657 | ---- | M] () -- C:\Users\Public\Desktop\ASRock eXtreme Tuner.lnk
[2011.10.16 19:31:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.10.16 19:18:24 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.10.16 19:18:24 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2011.10.18 17:04:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.10.18 16:32:07 | 433,377,980 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.18 15:38:21 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.10.17 21:43:51 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2011.10.17 21:43:51 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2011.10.17 21:34:00 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\regplib.exe
[2011.10.17 21:34:00 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2011.10.17 21:34:00 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2011.10.17 21:34:00 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CtxfiRes.dll
[2011.10.17 21:33:58 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2011.10.17 21:33:58 | 000,384,647 | ---- | C] () -- C:\Windows\SysNative\ctdnlstr.dat
[2011.10.17 21:33:58 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2011.10.17 21:33:58 | 000,051,787 | ---- | C] () -- C:\Windows\SysNative\ctdlang.dat
[2011.10.17 21:33:58 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2011.10.17 21:33:58 | 000,017,868 | ---- | C] () -- C:\Windows\SysNative\instwdm.ini
[2011.10.17 21:33:58 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini
[2011.10.17 21:07:42 | 000,003,126 | ---- | C] () -- C:\Windows\SysNative\PAX.bmp
[2011.10.17 10:45:34 | 000,000,783 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.10.17 10:45:34 | 000,000,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.10.17 10:45:34 | 000,000,753 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.10.16 22:23:36 | 000,006,130 | ---- | C] () -- C:\Windows\SysNative\CTOPT352.cat
[2011.10.16 21:27:09 | 000,002,495 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.16 21:03:31 | 000,001,354 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.10.16 21:00:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2011.10.16 21:00:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2011.10.16 20:58:55 | 000,000,205 | ---- | C] () -- C:\Users\PC\Desktop\Counter-Strike Source.url
[2011.10.16 20:51:21 | 000,000,632 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.10.16 20:46:06 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.16 20:46:06 | 000,000,593 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.16 20:38:20 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.10.16 20:38:20 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.10.16 20:38:20 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.10.16 20:38:00 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2011.10.16 20:35:44 | 000,212,992 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2011.10.16 20:35:44 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.10.16 20:35:44 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2011.10.16 20:35:44 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.10.16 20:35:44 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2011.10.16 20:35:26 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2011.10.16 20:35:26 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CTXFIGER.DLL
[2011.10.16 20:23:36 | 000,186,848 | ---- | C] () -- C:\Windows\SysWow64\WinService.exe
[2011.10.16 20:23:36 | 000,000,367 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
[2011.10.16 20:19:58 | 000,000,749 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.16 20:17:57 | 000,000,355 | ---- | C] () -- C:\Users\PC\Desktop\Computer - Verknüpfung.lnk
[2011.10.16 20:17:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.16 20:10:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2011.10.16 20:04:50 | 000,000,657 | ---- | C] () -- C:\Users\Public\Desktop\ASRock eXtreme Tuner.lnk
[2011.10.16 19:31:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.10.16 19:23:03 | 000,001,405 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.10.16 19:22:59 | 000,001,439 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.10.16 19:18:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.10.16 19:18:11 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.10.16 19:14:50 | 2133,864,447 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.07 21:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.01 10:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.10.2011 20:46:20 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = F:\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,12% Memory free
15,96 Gb Paging File | 14,15 Gb Available in Paging File | 88,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52,51 Gb Total Space | 27,47 Gb Free Space | 52,32% Space Free | Partition Type: NTFS
Drive E: | 295,04 Gb Total Space | 152,49 Gb Free Space | 51,68% Space Free | Partition Type: NTFS
Drive F: | 878,91 Gb Total Space | 857,59 Gb Free Space | 97,58% Space Free | Partition Type: NTFS
 
Computer Name: PHILIPP | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"sp6" = Logitech SetPoint 6.30
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = Catalyst Control Center
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"5513-1208-7298-9440" = JDownloader 0.9
"ALchemy" = Creative ALchemy
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.54
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Console Launcher" = Creative Console Launcher
"Creative AutoMode Switcher" = Creative AutoMode Switcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Volume Panel
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"OpenAL" = OpenAL
"StarCraft II" = StarCraft II
"Steam App 240" = Counter-Strike: Source
"THX_Console_Unicode" = THX Setup Console
"VLC media player" = VLC media player 1.1.11
"XFast USB" = XFast USB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.10.2011 17:48:22 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6edcf069
ID
 des fehlerhaften Prozesses: 0x18c  Startzeit der fehlerhaften Anwendung: 0x01cc8c4c9df600d5
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 90bf6933-f840-11e0-a8b4-99878eed1fa5
 
Error - 17.10.2011 12:03:50 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6863f069
ID
 des fehlerhaften Prozesses: 0x10b4  Startzeit der fehlerhaften Anwendung: 0x01cc8cb07989de68
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 99bd5b37-f8d9-11e0-b231-d87b961ec3a0
 
Error - 17.10.2011 14:55:43 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x683cf069
ID
 des fehlerhaften Prozesses: 0xf80  Startzeit der fehlerhaften Anwendung: 0x01cc8cf4ee8e75f4
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 9cbc13ef-f8f1-11e0-b231-d87b961ec3a0
 
Error - 17.10.2011 14:58:54 | Computer Name = Philipp | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Creative\Audio Device Selection Unicode\CTAudSeu.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Creative\Audio Device Selection Unicode\CTAudSeu.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 17.10.2011 15:26:43 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6d12f069
ID
 des fehlerhaften Prozesses: 0x13e8  Startzeit der fehlerhaften Anwendung: 0x01cc8d00d6e3476e
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 f1551f5a-f8f5-11e0-b2b5-f4ee293e85a4
 
Error - 17.10.2011 16:34:33 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6b28f069
ID
 des fehlerhaften Prozesses: 0x1364  Startzeit der fehlerhaften Anwendung: 0x01cc8d05a2f65c54
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 6b6e8595-f8ff-11e0-b38f-a936339cffa5
 
Error - 17.10.2011 19:01:11 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6714f069
ID
 des fehlerhaften Prozesses: 0x7c  Startzeit der fehlerhaften Anwendung: 0x01cc8d1970339ea2
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 e74b601c-f913-11e0-b38f-a936339cffa5
 
Error - 18.10.2011 07:07:04 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6838f069
ID
 des fehlerhaften Prozesses: 0x1190  Startzeit der fehlerhaften Anwendung: 0x01cc8d7abd51071a
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 4f4c9f49-f979-11e0-9f2f-82d568ce74a4
 
Error - 18.10.2011 11:47:30 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6a0df069
ID
 des fehlerhaften Prozesses: 0x1208  Startzeit der fehlerhaften Anwendung: 0x01cc8dabb99e7fe4
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 7c605b65-f9a0-11e0-8b6a-e35598d69da4
 
Error - 18.10.2011 14:09:13 | Computer Name = Philipp | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e989cd3  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e98ad0c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x69d7f069
ID
 des fehlerhaften Prozesses: 0x10b8  Startzeit der fehlerhaften Anwendung: 0x01cc8dbeb3e8b4ef
Pfad
 der fehlerhaften Anwendung: f:\games\steam\steamapps\tikm@sms.at\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 4854cc88-f9b4-11e0-8b6a-e35598d69da4
 
[ System Events ]
Error - 16.10.2011 14:53:33 | Computer Name = Philipp | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 16.10.2011 15:00:57 | Computer Name = Philipp | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 16.10.2011 15:00:57 | Computer Name = Philipp | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 16.10.2011 15:00:58 | Computer Name = Philipp | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 16.10.2011 15:00:58 | Computer Name = Philipp | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 16.10.2011 15:00:59 | Computer Name = Philipp | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.10.2011 04:17:59 | Computer Name = Philipp | Source = DCOM | ID = 10010
Description = 
 
Error - 17.10.2011 12:43:02 | Computer Name = Philipp | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Schedule erreicht.
 
Error - 18.10.2011 10:32:09 | Computer Name = Philipp | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?10.?2011 um 16:30:18 unerwartet heruntergefahren.
 
Error - 18.10.2011 10:32:13 | Computer Name = Philipp | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >

--- --- ---

markusg · 18.10.2011, 20:33

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

mobert · 18.10.2011, 21:17

ich hoffe du meinst das so:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-10-18.04 - PC 18.10.2011  21:54:29.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.8175.6478 [GMT 2:00]
ausgeführt von:: c:\users\PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\AppData\Local\Temp\Creative_ALchemy_AL6_Cleanup.0001.dir.0002\~df394b.tmp
c:\windows\SysWow64\winservice.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SCM_Service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-18 bis 2011-10-18  ))))))))))))))))))))))))))))))
.
.
2011-10-18 19:56 . 2011-10-18 19:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-18 16:57 . 2011-10-18 16:57	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-18 16:57 . 2011-08-31 15:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-18 15:04 . 2011-10-18 15:04	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2011-10-18 13:38 . 2011-10-18 14:28	--------	d-----w-	c:\programdata\Blizzard Entertainment
2011-10-18 13:38 . 2011-10-18 13:50	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2011-10-17 19:36 . 2011-10-17 19:36	--------	d-----w-	c:\program files (x86)\Common Files\Creative
2011-10-17 19:36 . 2011-10-17 19:36	--------	d-----w-	c:\program files (x86)\Common Files\Creative Labs Shared
2011-10-17 19:36 . 2011-10-17 19:42	--------	d-----w-	c:\program files\Creative
2011-10-17 19:07 . 2006-12-05 19:52	48400	----a-w-	c:\windows\SysWow64\AddCat.exe
2011-10-17 18:56 . 2011-10-17 18:56	--------	d-----w-	c:\programdata\Creative Labs
2011-10-17 08:45 . 2011-10-17 08:45	--------	d-----w-	c:\program files (x86)\Common Files\i4j_jres
2011-10-17 08:41 . 2011-10-18 15:05	627600	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-16 20:23 . 2009-09-11 09:06	183296	------w-	c:\windows\system32\CTOPT352.dll
2011-10-16 20:23 . 2008-12-22 18:13	49664	------w-	c:\windows\system32\CTChkAud.dll
2011-10-16 20:23 . 2006-12-05 11:53	42496	------w-	c:\windows\system32\AddCat.exe
2011-10-16 20:02 . 2006-10-06 12:17	53248	------w-	c:\windows\Ctregrun.exe
2011-10-16 20:02 . 2000-05-22 14:58	647872	------w-	c:\windows\SysWow64\Mscomct2.ocx
2011-10-16 19:34 . 2011-10-16 19:34	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-16 19:34 . 2011-10-16 19:34	--------	d-----w-	c:\windows\SysWow64\Macromed
2011-10-16 19:34 . 2011-10-16 19:34	--------	d-----w-	c:\windows\system32\Macromed
2011-10-16 19:27 . 2011-10-16 19:27	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2011-10-16 19:26 . 2011-10-16 19:26	--------	d-----w-	c:\windows\system32\appmgmt
2011-10-16 19:25 . 2011-10-16 19:27	--------	d-----w-	c:\programdata\Skype
2011-10-16 19:03 . 2011-10-16 19:03	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2011-10-16 19:03 . 2011-10-16 19:03	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2011-10-16 19:03 . 2011-10-16 19:03	--------	d-----w-	c:\programdata\Logishrd
2011-10-16 19:03 . 2011-10-16 19:03	--------	d-----w-	c:\program files\Common Files\Logishrd
2011-10-16 19:01 . 2011-09-21 07:00	9049936	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{085E3374-FCE2-487B-807D-1803EAE2F240}\mpengine.dll
2011-10-16 19:01 . 2011-05-24 17:14	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-10-16 19:00 . 2011-10-16 19:00	374792	----a-w-	c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2011-10-16 19:00 . 2011-10-16 19:00	22408	----a-w-	c:\windows\system32\drivers\LGBusEnum.sys
2011-10-16 19:00 . 2011-10-16 19:00	16008	----a-w-	c:\windows\system32\drivers\LGVirHid.sys
2011-10-16 19:00 . 2011-10-16 19:00	157704	----a-w-	c:\windows\system32\drivers\UMDF\lgSSBW.dll
2011-10-16 19:00 . 2011-10-16 19:00	--------	d-----w-	c:\program files\Logitech Gaming Software
2011-10-16 18:51 . 2011-10-16 19:35	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2011-10-16 18:38 . 2003-06-12 21:25	7062	----a-w-	c:\windows\SysWow64\audiopid.vxd
2011-10-16 18:37 . 2011-10-17 19:36	--------	d--h--w-	c:\program files (x86)\Creative Installation Information
2011-10-16 18:37 . 2011-10-17 19:40	--------	d-----w-	c:\program files (x86)\Creative
2011-10-16 18:37 . 2011-10-17 19:45	--------	d-----w-	c:\programdata\Creative
2011-10-16 18:37 . 2009-02-17 15:33	113152	----a-w-	c:\windows\system32\cttele64.dll
2011-10-16 18:37 . 2009-02-17 15:33	106496	----a-w-	c:\windows\SysWow64\cttele32.dll
2011-10-16 18:23 . 2010-04-06 12:12	450048	----a-w-	c:\windows\system32\drivers\wg111v2.sys
2011-10-16 18:23 . 2007-07-17 13:15	290816	------w-	c:\windows\SysWow64\SCMLib.dll
2011-10-16 18:23 . 2007-01-19 01:24	25312	----a-w-	c:\windows\system32\drivers\SCMNdisP.sys
2011-10-16 18:19 . 2011-09-18 06:39	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-16 18:19 . 2011-09-15 21:55	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-16 18:19 . 2011-10-16 18:19	--------	d-----w-	c:\programdata\Avira
2011-10-16 18:19 . 2011-09-15 21:55	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-16 18:17 . 2011-10-16 18:17	--------	d-----w-	c:\programdata\ATI
2011-10-16 18:17 . 2011-10-16 18:17	0	----a-w-	c:\windows\ativpsrm.bin
2011-10-16 18:15 . 2011-10-16 18:15	--------	d-----w-	c:\program files (x86)\AMD APP
2011-10-16 18:14 . 2011-10-16 18:14	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2011-10-16 18:14 . 2011-10-16 18:14	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2011-10-16 18:14 . 2011-10-16 18:14	--------	d-----w-	c:\program files\ATI
2011-10-16 18:14 . 2011-10-16 17:22	--------	d-----w-	c:\windows\Panther
2011-10-16 18:11 . 2011-10-16 18:11	32320	----a-w-	c:\windows\system32\drivers\FNETTBOH_305.SYS
2011-10-16 18:11 . 2011-10-16 18:11	15936	----a-w-	c:\windows\system32\drivers\FNETURPX.SYS
2011-10-16 18:11 . 2011-10-16 18:11	--------	d-----w-	c:\programdata\FNET
2011-10-16 18:11 . 2011-10-16 18:11	--------	d-----w-	c:\program files (x86)\XFast USB
2011-10-16 18:11 . 2011-10-16 18:11	--------	d-----w-	c:\program files (x86)\Etron Technology
2011-10-16 18:10 . 2011-10-18 15:05	--------	d-sh--w-	c:\windows\Installer
2011-10-16 18:10 . 2011-02-01 11:06	8192	----a-w-	c:\windows\system32\drivers\IntelMEFWVer.dll
2011-10-16 18:10 . 2010-10-19 14:34	56344	----a-w-	c:\windows\system32\drivers\HECIx64.sys
2011-10-16 18:09 . 2011-10-17 19:42	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2011-10-16 18:09 . 2011-10-16 18:10	--------	d-----w-	c:\program files (x86)\Intel
2011-10-16 18:09 . 2011-10-16 18:09	--------	d-----w-	C:\Intel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-14 09:47 . 2011-09-14 09:47	60416	----a-w-	c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47	53760	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47	51200	----a-w-	c:\windows\system32\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47	43520	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47	16652288	----a-w-	c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46	13625856	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38	44032	----a-w-	c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38	37376	----a-w-	c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27	10203648	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59	24229376	----a-w-	c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39	18534912	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34	732672	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-09-08 17:32	862720	----a-w-	c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30	486912	----a-w-	c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24	4204032	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18	3888640	----a-w-	c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2011-09-08 17:16	4944896	----a-w-	c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09	8723456	----a-w-	c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08	4064768	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05	7331840	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05	4289024	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00	5428736	----a-w-	c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-09-08 16:59	58880	----a-w-	c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53	381952	----a-w-	c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53	270336	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52	15360	----a-w-	c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	310784	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-09-08 16:52	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-09-08 16:51	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-09-08 16:51	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-09-08 16:51	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2011-10-16 4878912]
"StartCCC"="f:\ati\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"avgnt"="f:\avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-06-01 24576]
"VolPanel"="f:\creativ\VolPanlu.exe" [2010-02-18 241789]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - f:\netgear\WG111v2.exe [2011-10-16 1268192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-17 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;f:\avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-17 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"EvtMgr6"="f:\programme\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"combofix"="c:\combofix\CF3597.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\p8wtkbsd.default\
FF - prefs.js: browser.startup.homepage - google.at
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
f:\avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
c:\users\PC\AppData\Local\Temp\Creative_ALchemy_AL6_Cleanup.0001
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-18  21:59:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-18 19:59
.
Vor Suchlauf: 7 Verzeichnis(se), 29.396.692.992 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 28.947.767.296 Bytes frei
.
- - End Of File - - CA65C857917D3C1AEEF3CDD29CE45590

--- --- ---

markusg · 19.10.2011, 15:18

gibts noch probleme?

mobert · 19.10.2011, 15:33

im vergleich zu gestern geht das surfen heute einwandfrei. ist die combofix logdatei "sauber"?

dann wäre ich nämlich beruhigt und könnte im internet einkaufen

markusg · 19.10.2011, 15:41

hi, da du nichts ausgeführt hast und bei dir alles läuft passt das

mobert · 19.10.2011, 15:45

verdammte sch****. ich bin davon ausgegangen dass ich ein sauberes system habe, nachdem die viren/trojanerprogramme nie etwas dramatisches angezeigt haben

markusg · 19.10.2011, 15:48

sorry ich war im topic verrutscht, du hattest ja nichts ausgeführt dann passt das, hab noch mal editiert

18.10.2011, 18:36	#2
markusg /// Malware-holic	FB srt.jpg file hi kannst du mir den link senden, den du per privater nachicht erhalten hast? als private nachicht bitte. __________________ __________________

19.10.2011, 15:18	#10
markusg /// Malware-holic	FB srt.jpg file gibts noch probleme? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

FB srt.jpg file

Log-Analyse und Auswertung: FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

FB srt.jpg file

Ähnliche Themen: FB srt.jpg file

18.10.2011, 18:45	#3
mobert	FB srt.jpg file hab ich soeben geschickt __________________

18.10.2011, 19:07	#5
mobert	FB srt.jpg file hab ich schon weil ich eben in anderen themen gelesen hatte das man die personen von denen man den link erhalten hat informieren soll. die skype warnung ist egal? ich bilde mir nämlich ein das mein internet heute recht langsam ist beim seitenaufbau und einen wlan abbruch hatte ich auch, obwohl es die letzten tage immer super funktionierte

19.10.2011, 15:33	#11
mobert	FB srt.jpg file im vergleich zu gestern geht das surfen heute einwandfrei. ist die combofix logdatei "sauber"? dann wäre ich nämlich beruhigt und könnte im internet einkaufen

19.10.2011, 15:45	#13
mobert	FB srt.jpg file verdammte sch****. ich bin davon ausgegangen dass ich ein sauberes system habe, nachdem die viren/trojanerprogramme nie etwas dramatisches angezeigt haben