Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus öffnet IE Mit meldung 100€ zu zahlen.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.11.2011, 15:19   #1
Basti24
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



Hallo,

Ich habe mir heute einen Virus eingefangen, das war vor etwa 2 stunden. Dieser öffnet denn Internet Explorer, wo dann steht : Das mein Rechner von der Bundespolizei gesperrt worden ist und das ich 100€ zahlen soll, da sonst meine gesammte Festplatte gelöscht wird. Problem ist, ich kann denn IE nicht beenden weil der mein ganzen bildschirm füllt, es gibt kein (X) zu beenden. Strg + alt + entf geht auch nicht, wenn ich es mit alt + f4 probiere klappt es aber der IE öffnet sich sofort wieder.

Eine Systemwiederherstellung ist leider auch erfolglos geblieben.

Mein problem ist hier auch ganz gut beschrieben : hxxp://der-technik-blog.blogspot.com/2011/04/polizei-virus-fordert-zum-zahlen-auf.html

wenn ich irrgentwas vergessen hab, einfach fragen.

Und wenn es so ein thema bereits gibt dann sorry hab ich es übersehen, und dies hier kann gelöscht werden.
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:18:42, on 27.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Basti\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [RoccatKova+] "C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: 0.3512736113240913.exe.lnk = C:\Windows\System32\rundll32.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8482 bytes
         
--- --- ---
hier das Hijacktihs log wenn es hilft.

ich hoffe mir kann geholfen werden.

Edit 1: Ich kriege mein Pc wieder unter kontrolle sobald ich mit Strg + alt + entf auf "abmelden" gehe, sobald ich wieder auf anmelden gehe starte ich irrgentwas wo ich zuerst Adminrechte geben muss, lasse es kurz so, un dann mach ich weiter. So öffnet sich der IR dann nicht mehr. Erst nach einem neustart des PC´s geht es wieder von vorne los.

Meine Daten :

Windows 7 Enterprise 64 bit
AMD Phenom II 4 x 3,2 mhz
8 Gigabyte Ram
1 TB Festplatte
Radeon HD 6850 1 GB

wenns hilft.

mfg Basti

Geändert von Basti24 (27.11.2011 um 15:26 Uhr)

Alt 27.11.2011, 15:31   #2
markusg
/// Malware-holic
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



hi
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die
    OTL.exe

    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal
    Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan
    links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 27.11.2011, 15:40   #3
Basti24
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



Hi,

danke für die schnelle antwort. Also Logfile 1 OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.11.2011 15:35:05 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Basti\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,61% Memory free
16,00 Gb Paging File | 13,43 Gb Available in Paging File | 83,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,26 Gb Total Space | 76,60 Gb Free Space | 50,98% Space Free | Partition Type: NTFS
Drive D: | 781,25 Gb Total Space | 265,98 Gb Free Space | 34,05% Space Free | Partition Type: NTFS
Drive E: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Basti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe (TERRATEC Electronic GmbH)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe (Roccat GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\sqlite3.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FLxHCIc) Fresco Logic xHCI (USB3) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (KovaPlusFltr) -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys (ROCCAT Development, Inc.)
DRV:64bit: - (UDXTTM6010) -- C:\Windows\SysNative\drivers\UDXTTM6010.sys ()
DRV:64bit: - (TTHID) -- C:\Windows\SysNative\drivers\Cinergy_Hybrid-Stick_HID.sys (DTV-DVB)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 46 F6 AB 50 AC CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.startup.homepage: "www.Google.de"
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.14 16:18:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.11 06:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.31 05:35:23 | 000,000,000 | ---D | M]
 
[2011.08.19 14:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2011.11.26 16:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yvwko8uh.default\extensions
[2011.06.23 16:34:19 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yvwko8uh.default\extensions\DTToolbar@toolbarnet.com
[2011.06.23 16:34:13 | 000,002,055 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yvwko8uh.default\searchplugins\daemon-search.xml
[2011.08.16 16:08:45 | 000,002,503 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yvwko8uh.default\searchplugins\SearchResults.xml
[2011.11.11 15:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.18 14:40:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.14 16:18:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YVWKO8UH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 06:36:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.11 15:13:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.11 06:36:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.11 06:36:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.11 06:36:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.23 17:08:12 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.11 06:36:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.16 16:08:45 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.11.11 06:36:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.11 06:36:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RoccatKova+] C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE (Roccat GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{112FA5E2-E52E-441B-876F-F85D01DCF289}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78B468A-F1B5-406C-86F6-13271CBB0D1C}: DhcpNameServer = 80.69.100.174 192.168.0.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.12 10:19:49 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.11.23 17:38:29 | 000,000,000 | ---D | M] - F:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 17:38:29 | 006,567,544 | R--- | M] (UBISOFT) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 17:38:29 | 000,147,034 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.11.23 17:38:29 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{55f181ed-9d26-11e0-b89b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55f181ed-9d26-11e0-b89b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2011.04.12 10:19:49 | 000,106,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{acef9f99-c1da-11e0-9fa3-002522b00ee0}\Shell - "" = AutoRun
O33 - MountPoints2\{acef9f99-c1da-11e0-9fa3-002522b00ee0}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2011.11.23 17:38:29 | 006,567,544 | R--- | M] (UBISOFT)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.27 15:33:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2011.11.27 13:30:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\Application Data
[2011.11.27 13:29:20 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\Ckacran2070no
[2011.11.26 23:29:42 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Assassin's Creed Revelations
[2011.11.26 23:25:46 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\PunkBuster
[2011.11.24 17:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apollo Medien
[2011.11.19 22:59:54 | 000,315,904 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2011.11.19 13:37:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Ubisoft
[2011.11.19 13:36:00 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011.11.19 13:36:00 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011.11.19 13:36:00 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011.11.19 13:36:00 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011.11.19 13:36:00 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011.11.19 13:36:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011.11.19 13:35:59 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011.11.19 13:35:59 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011.11.19 13:35:58 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011.11.19 13:35:58 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011.11.19 13:35:57 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011.11.19 13:35:57 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011.11.19 13:35:57 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011.11.19 13:35:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011.11.19 13:35:56 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011.11.19 13:35:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011.11.19 13:35:55 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011.11.19 13:35:55 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011.11.19 13:35:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011.11.19 13:35:55 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011.11.19 13:35:55 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011.11.19 13:35:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011.11.19 13:35:55 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011.11.19 13:35:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011.11.19 13:35:54 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011.11.19 13:35:54 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011.11.19 13:35:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011.11.19 13:35:53 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011.11.19 13:35:51 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011.11.19 13:35:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011.11.19 13:35:49 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011.11.19 13:35:49 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011.11.19 13:35:49 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011.11.19 13:35:49 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011.11.19 13:35:48 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011.11.19 13:35:47 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011.11.19 13:35:45 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011.11.19 13:35:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011.11.19 13:35:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011.11.19 13:35:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011.11.19 13:35:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011.11.19 13:35:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011.11.19 13:35:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011.11.19 13:35:41 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011.11.19 13:35:41 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011.11.19 13:35:41 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011.11.19 13:35:40 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011.11.19 13:35:40 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011.11.19 13:35:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011.11.19 13:35:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011.11.19 13:35:40 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011.11.19 13:35:40 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011.11.18 21:48:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011.11.18 21:48:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011.11.18 17:56:59 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\Marlon Roudette - New Age
[2011.11.16 23:10:14 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\Neuer Ordner
[2011.11.15 20:46:40 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty - Modern Warfare 3 Deutsch
[2011.11.13 12:36:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.11 20:07:06 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\CAPCOM
[2011.11.11 20:01:48 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011.11.11 20:01:48 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011.11.11 20:01:48 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011.11.11 20:01:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011.11.11 20:01:43 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011.11.11 20:01:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011.11.11 20:01:38 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011.11.11 20:01:38 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011.11.11 20:01:27 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011.11.11 20:01:27 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011.11.11 20:01:25 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011.11.11 20:01:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011.11.11 20:01:20 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011.11.11 20:01:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011.11.11 20:01:20 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011.11.11 20:01:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011.11.11 20:01:12 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011.11.11 20:01:12 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011.11.11 20:00:57 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011.11.11 20:00:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011.11.11 20:00:57 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011.11.11 20:00:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011.11.11 20:00:51 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011.11.11 20:00:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011.11.11 20:00:43 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011.11.11 20:00:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011.11.11 20:00:43 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011.11.11 20:00:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011.11.11 20:00:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011.11.11 20:00:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011.11.11 20:00:38 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011.11.11 20:00:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011.11.11 20:00:19 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011.11.11 20:00:19 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011.11.11 20:00:19 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011.11.11 20:00:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011.11.11 20:00:09 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011.11.11 20:00:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011.11.11 19:59:58 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011.11.11 19:59:58 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011.11.11 19:59:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011.11.11 19:59:49 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011.11.11 19:59:44 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011.11.11 19:59:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011.11.11 19:59:32 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011.11.11 19:59:32 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011.11.11 19:59:31 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011.11.11 19:59:31 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011.11.11 19:59:22 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011.11.11 19:59:22 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011.11.08 23:48:04 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org
[2011.11.08 23:47:34 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.11.08 23:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011.11.08 23:45:36 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2011.11.07 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\Sergio Music
[2011.11.05 02:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon World Online
[2011.11.05 02:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pokemon World Online
[2011.11.02 20:55:47 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011.11.02 20:55:47 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011.11.02 20:55:46 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011.11.02 20:55:46 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011.11.02 20:55:46 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011.11.02 20:55:46 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011.11.02 20:55:45 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011.11.02 20:55:45 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011.11.02 20:55:44 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011.11.02 20:55:44 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011.11.02 20:55:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011.11.02 20:55:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011.11.02 20:55:44 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011.11.02 20:55:44 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011.11.02 20:55:43 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011.11.02 20:55:43 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011.11.02 20:55:42 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011.11.02 20:55:42 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011.11.02 20:55:42 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011.11.02 20:55:42 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011.11.02 20:55:41 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011.11.02 20:55:41 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011.11.02 20:55:41 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011.11.02 20:55:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011.11.02 20:55:40 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011.11.02 20:55:40 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011.11.02 20:55:40 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011.11.02 20:55:40 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011.11.02 20:55:39 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011.11.02 20:55:39 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011.11.02 20:55:38 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011.11.02 20:55:38 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011.11.02 20:55:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011.11.02 20:55:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011.11.02 20:55:37 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011.11.02 20:55:37 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011.11.02 20:55:37 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011.11.02 20:55:37 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011.11.02 20:55:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011.11.02 20:55:37 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011.11.02 20:55:36 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011.11.02 20:55:36 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011.11.02 20:55:35 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011.11.02 20:55:35 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011.11.02 20:55:35 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011.11.02 20:55:35 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011.11.02 20:55:35 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011.11.02 20:55:35 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011.11.02 20:55:34 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011.11.02 20:55:34 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011.11.02 20:55:34 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011.11.02 20:55:34 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011.11.02 20:55:33 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011.11.02 20:55:33 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011.11.02 20:55:32 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011.11.02 20:55:32 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011.11.02 20:55:32 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011.11.02 20:55:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011.11.02 20:55:32 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011.11.02 20:55:32 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011.11.02 20:55:27 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011.11.02 20:55:27 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011.11.02 20:55:26 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011.11.02 20:55:26 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011.11.02 20:55:26 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011.11.02 20:55:26 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011.11.02 20:55:25 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011.11.02 20:55:25 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011.11.02 20:55:24 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011.11.02 20:55:24 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011.11.02 20:55:23 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011.11.02 20:55:23 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011.11.02 20:55:12 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011.11.02 20:55:12 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011.11.02 20:55:11 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011.11.02 20:55:11 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011.11.02 20:55:10 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011.11.02 20:55:10 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011.10.29 20:56:21 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\ESN Sonar
[2011.10.29 12:30:14 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Battlefield 3
[2011.10.29 12:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011.10.29 12:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.27 15:33:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2011.11.27 15:10:38 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.27 15:10:38 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.27 15:09:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.27 15:09:14 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.27 15:09:14 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.27 15:09:14 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.27 15:09:14 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.27 15:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.27 15:03:01 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.27 13:28:27 | 039,408,323 | ---- | M] () -- C:\Users\Basti\Desktop\Ckacran2070no.rar
[2011.11.27 13:13:55 | 000,001,045 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.3512736113240913.exe.lnk
[2011.11.26 20:41:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.26 20:41:29 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.26 15:32:39 | 000,000,209 | ---- | M] () -- C:\Users\Basti\Documents\PWOOptions.ini
[2011.11.26 14:00:08 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.11.25 15:33:42 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.11.25 15:33:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.24 17:38:48 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Euro-Fahrschule 2011.lnk
[2011.11.22 20:19:05 | 000,302,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.22 06:44:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.11.19 23:04:42 | 000,000,122 | ---- | M] () -- C:\Windows\wa.INI
[2011.11.18 17:56:43 | 005,841,584 | ---- | M] () -- C:\Users\Basti\Desktop\Marlon Roudette - New Age.rar
[2011.11.13 23:07:54 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.11.09 23:20:12 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.11.09 16:30:11 | 000,010,817 | ---- | M] () -- C:\Users\Basti\Desktop\o2Kündigung.odt
[2011.11.09 00:01:17 | 000,013,857 | ---- | M] () -- C:\Users\Basti\Documents\o2Kündigung.odt
[2011.11.08 23:47:34 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.11.07 19:15:17 | 000,002,480 | ---- | M] () -- C:\Users\Basti\Desktop\o2.Kündigung.pdf
[2011.11.05 02:58:00 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon World Online.lnk
[2011.11.03 16:34:47 | 000,054,942 | ---- | M] () -- C:\Users\Basti\Desktop\Kuendigungsschreiben-Telefónica-O2-Germany-GmbH-&-Co.-OHG.pdf
[2011.11.02 20:56:02 | 002,337,865 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.27 13:27:59 | 039,408,323 | ---- | C] () -- C:\Users\Basti\Desktop\Ckacran2070no.rar
[2011.11.27 13:13:55 | 000,001,045 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.3512736113240913.exe.lnk
[2011.11.26 11:04:13 | 000,001,003 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011.11.24 17:38:48 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Euro-Fahrschule 2011.lnk
[2011.11.19 23:02:52 | 000,000,122 | ---- | C] () -- C:\Windows\wa.INI
[2011.11.18 17:56:41 | 005,841,584 | ---- | C] () -- C:\Users\Basti\Desktop\Marlon Roudette - New Age.rar
[2011.11.09 00:02:11 | 000,010,817 | ---- | C] () -- C:\Users\Basti\Desktop\o2Kündigung.odt
[2011.11.09 00:01:16 | 000,013,857 | ---- | C] () -- C:\Users\Basti\Documents\o2Kündigung.odt
[2011.11.08 23:47:34 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.11.07 19:15:17 | 000,002,480 | ---- | C] () -- C:\Users\Basti\Desktop\o2.Kündigung.pdf
[2011.11.05 02:58:00 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Pokemon World Online.lnk
[2011.11.05 02:57:41 | 000,000,209 | ---- | C] () -- C:\Users\Basti\Documents\PWOOptions.ini
[2011.11.03 16:34:46 | 000,054,942 | ---- | C] () -- C:\Users\Basti\Desktop\Kuendigungsschreiben-Telefónica-O2-Germany-GmbH-&-Co.-OHG.pdf
[2011.10.29 12:18:29 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.23 17:26:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.24 10:50:39 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.18 14:17:13 | 000,000,318 | ---- | C] () -- C:\Windows\game.ini
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.08.16 16:08:43 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.08.14 16:33:10 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.08.14 16:33:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.30 19:33:49 | 000,028,912 | ---- | C] () -- C:\Windows\scunin.dat
[2011.06.23 09:38:24 | 000,049,628 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.06.22 21:20:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.22 21:16:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.22 21:07:23 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2011.06.22 21:07:23 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011.06.22 21:07:23 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2011.06.22 21:07:06 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.06.22 21:07:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

< End of report >
         
--- --- ---

2. Logfile :OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.11.2011 15:35:05 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Basti\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,61% Memory free
16,00 Gb Paging File | 13,43 Gb Available in Paging File | 83,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,26 Gb Total Space | 76,60 Gb Free Space | 50,98% Space Free | Partition Type: NTFS
Drive D: | 781,25 Gb Total Space | 265,98 Gb Free Space | 34,05% Space Free | Partition Type: NTFS
Drive E: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}" = Fresco Logic USB3.0 Host Controller
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{076CCB30-C617-4A56-1906-D5BA3A3D910E}" = Euro-Fahrschule 2011
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.81
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}" = ROCCAT Kova[+] Mouse Driver
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cinergy Hybrid Stick" = Cinergy Hybrid Stick V1.00.08.06a
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"de.apollo-medien.eurofahrschule2011.9151FF1C04D985321FBE252CD7DD9485437B0213.1" = Euro-Fahrschule 2011
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Freelancer 1.0" = Freelancer
"German Truck Simulator" = German Truck Simulator 1.00
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Railworks 3 Train Simulator 2012 Deluxe_is1" = Railworks 3 Train Simulator 2012 Deluxe
"Starcraft" = Starcraft
"Steam App 70" = Half-Life
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UT2003" = Unreal Tournament 2003
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2011 07:45:07 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00c6f8a0  ID des fehlerhaften Prozesses:
 0x1350  Startzeit der fehlerhaften Anwendung: 0x01cca779bbb11f17  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Berichtskennung:
 1762f10e-136d-11e1-9f89-002522b00ee0
 
Error - 20.11.2011 08:00:59 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00c6f8a0  ID des fehlerhaften Prozesses:
 0x788  Startzeit der fehlerhaften Anwendung: 0x01cca77bfc009fd6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Berichtskennung:
 4f343753-136f-11e1-9f89-002522b00ee0
 
Error - 20.11.2011 10:51:10 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001c6ec  ID des fehlerhaften Prozesses:
 0x105c  Startzeit der fehlerhaften Anwendung: 0x01cca793c73ab0f3  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Berichtskennung:
 153dd82d-1387-11e1-9f89-002522b00ee0
 
Error - 20.11.2011 11:14:08 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm Xfire.exe, Version 1.0.0.13133 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ae4    Startzeit: 
01cca767e78ab8c0    Endzeit: 1184    Anwendungspfad: C:\Program Files (x86)\Xfire\Xfire.exe

Berichts-ID:
 469164b7-138a-11e1-9f89-002522b00ee0  
 
Error - 21.11.2011 01:29:50 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.11.2011 10:48:05 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.11.2011 16:12:30 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4e9d3315  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001c6ec  ID des fehlerhaften Prozesses:
 0x1254  Startzeit der fehlerhaften Anwendung: 0x01cca889d5192a90  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Berichtskennung:
 23682a99-147d-11e1-b7c1-002522b00ee0
 
Error - 22.11.2011 01:33:44 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.11.2011 10:34:16 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.11.2011 15:20:39 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.11.2011 11:07:56 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140966905
 
Error - 22.11.2011 11:09:22 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140966905
 
Error - 22.11.2011 11:09:22 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140966905
 
Error - 22.11.2011 12:51:37 | Computer Name = Basti-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.11.2011 13:16:33 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140966905
 
Error - 22.11.2011 13:16:33 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140966905
 
Error - 25.11.2011 12:06:42 | Computer Name = Basti-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.11.2011 08:17:08 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?11.?2011 um 13:15:01 unerwartet heruntergefahren.
 
Error - 27.11.2011 08:20:47 | Computer Name = Basti-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.11.2011 10:04:46 | Computer Name = Basti-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

mfg
__________________

Alt 27.11.2011, 15:59   #4
markusg
/// Malware-holic
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.11.2011, 16:25   #5
Basti24
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



Habe das programm mal durchlaufen lassen. Logfile :

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-27.01 - Basti 27.11.2011  16:19:32.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8191.6345 [GMT 1:00]
ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.3512736113240913.exe.lnk
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-27 bis 2011-11-27  ))))))))))))))))))))))))))))))
.
.
2011-11-27 15:22 . 2011-11-27 15:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-26 22:25 . 2011-11-26 22:25	--------	d-----w-	c:\users\Basti\AppData\Roaming\PunkBuster
2011-11-26 09:51 . 2011-11-27 14:05	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CF967AD-856E-4807-9AA7-6CBB5C1FE885}\offreg.dll
2011-11-25 13:40 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CF967AD-856E-4807-9AA7-6CBB5C1FE885}\mpengine.dll
2011-11-19 12:37 . 2011-11-19 12:37	--------	d-----w-	c:\users\Basti\AppData\Roaming\Ubisoft
2011-11-19 12:36 . 2010-06-02 03:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2011-11-19 12:36 . 2010-06-02 03:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2011-11-19 12:36 . 2010-06-02 03:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2011-11-19 12:36 . 2010-06-02 03:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2011-11-19 12:36 . 2010-06-02 03:55	239960	----a-w-	c:\windows\SysWow64\xactengine3_7.dll
2011-11-19 12:36 . 2010-06-02 03:55	176984	----a-w-	c:\windows\system32\xactengine3_7.dll
2011-11-18 20:48 . 2009-09-04 16:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2011-11-18 20:48 . 2009-09-04 16:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2011-11-13 11:36 . 2011-11-13 11:36	--------	d-----w-	c:\windows\system32\Macromed
2011-11-11 19:00 . 2008-07-10 10:01	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2011-11-11 18:59 . 2008-03-05 15:04	489480	----a-w-	c:\windows\system32\XAudio2_0.dll
2011-11-11 18:59 . 2008-03-05 15:03	479752	----a-w-	c:\windows\SysWow64\XAudio2_0.dll
2011-11-11 18:59 . 2008-03-05 15:03	238088	----a-w-	c:\windows\SysWow64\xactengine3_0.dll
2011-11-11 18:59 . 2008-03-05 15:03	177672	----a-w-	c:\windows\system32\xactengine3_0.dll
2011-11-11 18:59 . 2008-03-05 15:00	28168	----a-w-	c:\windows\system32\X3DAudio1_3.dll
2011-11-11 18:59 . 2008-03-05 15:00	25608	----a-w-	c:\windows\SysWow64\X3DAudio1_3.dll
2011-11-11 18:59 . 2008-03-05 14:56	1860120	----a-w-	c:\windows\system32\D3DCompiler_37.dll
2011-11-11 18:59 . 2008-03-05 14:56	1420824	----a-w-	c:\windows\SysWow64\D3DCompiler_37.dll
2011-11-11 18:59 . 2008-02-05 22:07	462864	----a-w-	c:\windows\SysWow64\d3dx10_37.dll
2011-11-11 18:59 . 2008-02-05 22:07	529424	----a-w-	c:\windows\system32\d3dx10_37.dll
2011-11-11 18:59 . 2008-03-05 14:56	4910088	----a-w-	c:\windows\system32\D3DX9_37.dll
2011-11-11 18:59 . 2008-03-05 14:56	3786760	----a-w-	c:\windows\SysWow64\D3DX9_37.dll
2011-11-09 21:08 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 21:08 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:08 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:08 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 22:48 . 2011-11-08 22:48	--------	d-----w-	c:\users\Basti\AppData\Roaming\OpenOffice.org
2011-11-08 22:47 . 2011-11-08 22:47	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2011-11-05 01:57 . 2011-11-05 01:57	--------	d-----w-	c:\program files (x86)\Pokemon World Online
2011-10-29 19:56 . 2011-10-30 00:40	--------	d-----w-	c:\users\Basti\AppData\Local\ESN Sonar
2011-10-29 11:29 . 2011-11-05 13:29	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 19:41 . 2011-09-24 15:52	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-11-26 19:41 . 2011-09-24 09:50	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-11-26 13:00 . 2011-09-24 09:50	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-11-25 14:33 . 2011-08-14 15:33	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-11-13 22:07 . 2011-06-22 22:27	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-02 19:56 . 2011-08-14 15:33	2337865	----a-w-	c:\windows\SysWow64\pbsvc.exe
2011-10-20 23:26 . 2011-10-20 23:26	94208	----a-w-	c:\windows\SysWow64\dpl100.dll
2011-10-16 17:12 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-16 17:12 . 2009-08-18 09:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-13 20:29 . 2011-10-13 20:29	42392	----a-w-	c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:29 . 2011-10-13 20:29	28056	----a-w-	c:\windows\system32\xfcodec64.dll
2011-10-11 13:00 . 2011-10-15 12:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-15 12:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-15 12:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-09-28 16:45 . 2011-09-28 16:45	15453832	----a-w-	c:\windows\SysWow64\xlive.dll
2011-09-28 16:45 . 2011-09-28 16:45	13642888	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2011-09-16 14:52 . 2011-07-01 19:19	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-09-16 14:44 . 2011-07-01 19:19	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-09-16 14:44 . 2011-07-01 19:19	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-09-16 14:44 . 2011-07-01 19:19	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2011-09-16 14:44 . 2011-07-01 19:19	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2011-09-14 09:47 . 2011-09-14 09:47	60416	----a-w-	c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47	53760	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47	16652288	----a-w-	c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46	13625856	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38	44032	----a-w-	c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38	37376	----a-w-	c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27	10203648	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59	24229376	----a-w-	c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39	18534912	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2010-09-29 01:55	732672	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06	862720	----a-w-	c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30	486912	----a-w-	c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2010-09-29 01:46	4204032	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18	3888640	----a-w-	c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2011-05-25 02:49	4944896	----a-w-	c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09	8723456	----a-w-	c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-05-25 02:50	4064768	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05	7331840	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-05-25 02:39	4289024	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00	5428736	----a-w-	c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-06-22 20:15	58880	----a-w-	c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53	381952	----a-w-	c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53	270336	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52	15360	----a-w-	c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	310784	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2010-09-29 01:14	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2010-09-29 01:14	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-09-01 05:24 . 2011-10-13 04:40	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 04:40	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 04:40	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 04:40	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 04:40	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 04:40	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-04-19 1710664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-10-13 3510680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
"CTSyncService"=c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Basti\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-22 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-06-22 79360]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-09-16 2027840]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 80.69.100.174 192.168.0.1
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yvwko8uh.default\
FF - prefs.js: browser.startup.homepage - www.Google.de
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-10 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,d5,20,95,c5,f7,0f,1a,52,0d,00,21,22,95,df,a2,c2,ff,51,e4,41,76,21,
   8a,94,7f,73,39,77,a2,98,f5,2c,fd,c5,a4,e1,3a,74,80,eb,92,79,f7,ea,11,6b,72,\
"??"=hex:20,b8,9d,13,ad,9b,8f,aa,e2,4d,c6,60,f5,bb,c8,ae
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,43,b0,a1,6e,6d,5c,3c,1d,10,a4,c4,24,0d,65,2a,4a,25,da,c1,47,
   e0,4c,de,98,a8,d4,ba,17,ae,73,7a,97,49,a8,13,95,e6,24,f4,29,a8,ca,ce,59,6c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-27  16:24:00
ComboFix-quarantined-files.txt  2011-11-27 15:24
.
Vor Suchlauf: 10 Verzeichnis(se), 85.750.710.272 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 85.575.008.256 Bytes frei
.
- - End Of File - - C4357DCB21E0D1E22E7B4E2B8A88A652
         
--- --- ---


Alt 27.11.2011, 16:30   #6
markusg
/// Malware-holic
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



hi,
öffne computer, c:, dort qoobox, dort rechtsklick auf quarantain, mit winrar zip 7zip oder anderem packer ein archiv erstellen und nach anleitung hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
--> Virus öffnet IE Mit meldung 100€ zu zahlen.

Alt 27.11.2011, 16:37   #7
Basti24
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



ok sollte hochladen sein.

Alt 27.11.2011, 16:42   #8
markusg
/// Malware-holic
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



hi
start programme zubehör editor, reinkopieren bitte
killall::
Rootkit::
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.3512736113240913.exe
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.3512736113240913.exe
c:\windows\0.3512736113240913.exe
Datei speichern unter, ort dort wo sich combofix.exe befindet.
typ alle dateien.
name:
cfscript.txt

ziehe cfscript auf combofix, programm startet log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.11.2011, 17:09   #9
Basti24
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



So, es hat scheinbar nicht geklappt, nach dem ich das beschreibene getan habe, wurde mein rechner neugestartet. Nach dem Hochfahren wurde zwar der IE nicht wie sonst immer geöffnet mit der 100€ warnung, dafür konnte ich aber keine programme mehr öffnen mit der meldung : Es wurde versucht eine Registrierungsschlüssel einem unzulässigem Vorgang zu unterziehen der zum löschen markiert wurde.

habe jetzt beim bootvorgang via F8 drücken weine systemwiederherstellung gemacht, nun öffnet er leider auch wieder denn IE am anfang mit besagter seite.
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-27.01 - Basti 27.11.2011  16:49:54.2.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8191.5964 [GMT 1:00]
ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Basti\Desktop\cfscript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-27 bis 2011-11-27  ))))))))))))))))))))))))))))))
.
.
2011-11-27 15:52 . 2011-11-27 15:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-26 22:25 . 2011-11-26 22:25	--------	d-----w-	c:\users\Basti\AppData\Roaming\PunkBuster
2011-11-25 13:40 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CF967AD-856E-4807-9AA7-6CBB5C1FE885}\mpengine.dll
2011-11-19 12:37 . 2011-11-19 12:37	--------	d-----w-	c:\users\Basti\AppData\Roaming\Ubisoft
2011-11-19 12:36 . 2010-06-02 03:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2011-11-19 12:36 . 2010-06-02 03:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2011-11-19 12:36 . 2010-06-02 03:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2011-11-19 12:36 . 2010-06-02 03:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2011-11-19 12:36 . 2010-06-02 03:55	239960	----a-w-	c:\windows\SysWow64\xactengine3_7.dll
2011-11-19 12:36 . 2010-06-02 03:55	176984	----a-w-	c:\windows\system32\xactengine3_7.dll
2011-11-18 20:48 . 2009-09-04 16:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2011-11-18 20:48 . 2009-09-04 16:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2011-11-13 11:36 . 2011-11-13 11:36	--------	d-----w-	c:\windows\system32\Macromed
2011-11-11 19:00 . 2008-07-10 10:01	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2011-11-11 18:59 . 2008-03-05 15:04	489480	----a-w-	c:\windows\system32\XAudio2_0.dll
2011-11-11 18:59 . 2008-03-05 15:03	479752	----a-w-	c:\windows\SysWow64\XAudio2_0.dll
2011-11-11 18:59 . 2008-03-05 15:03	238088	----a-w-	c:\windows\SysWow64\xactengine3_0.dll
2011-11-11 18:59 . 2008-03-05 15:03	177672	----a-w-	c:\windows\system32\xactengine3_0.dll
2011-11-11 18:59 . 2008-03-05 15:00	28168	----a-w-	c:\windows\system32\X3DAudio1_3.dll
2011-11-11 18:59 . 2008-03-05 15:00	25608	----a-w-	c:\windows\SysWow64\X3DAudio1_3.dll
2011-11-11 18:59 . 2008-03-05 14:56	1860120	----a-w-	c:\windows\system32\D3DCompiler_37.dll
2011-11-11 18:59 . 2008-03-05 14:56	1420824	----a-w-	c:\windows\SysWow64\D3DCompiler_37.dll
2011-11-11 18:59 . 2008-02-05 22:07	462864	----a-w-	c:\windows\SysWow64\d3dx10_37.dll
2011-11-11 18:59 . 2008-02-05 22:07	529424	----a-w-	c:\windows\system32\d3dx10_37.dll
2011-11-11 18:59 . 2008-03-05 14:56	4910088	----a-w-	c:\windows\system32\D3DX9_37.dll
2011-11-11 18:59 . 2008-03-05 14:56	3786760	----a-w-	c:\windows\SysWow64\D3DX9_37.dll
2011-11-09 21:08 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 21:08 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:08 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:08 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 22:48 . 2011-11-08 22:48	--------	d-----w-	c:\users\Basti\AppData\Roaming\OpenOffice.org
2011-11-08 22:47 . 2011-11-08 22:47	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2011-11-05 01:57 . 2011-11-05 01:57	--------	d-----w-	c:\program files (x86)\Pokemon World Online
2011-10-29 19:56 . 2011-10-30 00:40	--------	d-----w-	c:\users\Basti\AppData\Local\ESN Sonar
2011-10-29 11:29 . 2011-11-05 13:29	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 19:41 . 2011-09-24 15:52	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-11-26 19:41 . 2011-09-24 09:50	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-11-26 13:00 . 2011-09-24 09:50	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-11-25 14:33 . 2011-08-14 15:33	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-11-13 22:07 . 2011-06-22 22:27	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-02 19:56 . 2011-08-14 15:33	2337865	----a-w-	c:\windows\SysWow64\pbsvc.exe
2011-10-20 23:26 . 2011-10-20 23:26	94208	----a-w-	c:\windows\SysWow64\dpl100.dll
2011-10-16 17:12 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-16 17:12 . 2009-08-18 09:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-13 20:29 . 2011-10-13 20:29	42392	----a-w-	c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:29 . 2011-10-13 20:29	28056	----a-w-	c:\windows\system32\xfcodec64.dll
2011-10-11 13:00 . 2011-10-15 12:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-15 12:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-15 12:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-09-28 16:45 . 2011-09-28 16:45	15453832	----a-w-	c:\windows\SysWow64\xlive.dll
2011-09-28 16:45 . 2011-09-28 16:45	13642888	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2011-09-16 14:52 . 2011-07-01 19:19	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-09-16 14:44 . 2011-07-01 19:19	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-09-16 14:44 . 2011-07-01 19:19	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-09-16 14:44 . 2011-07-01 19:19	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2011-09-16 14:44 . 2011-07-01 19:19	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2011-09-14 09:47 . 2011-09-14 09:47	60416	----a-w-	c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47	53760	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47	16652288	----a-w-	c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46	13625856	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38	44032	----a-w-	c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38	37376	----a-w-	c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27	10203648	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59	24229376	----a-w-	c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39	18534912	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2010-09-29 01:55	732672	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-05-25 03:06	862720	----a-w-	c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30	486912	----a-w-	c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2010-09-29 01:46	4204032	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18	3888640	----a-w-	c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2011-05-25 02:49	4944896	----a-w-	c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09	8723456	----a-w-	c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-05-25 02:50	4064768	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05	7331840	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-05-25 02:39	4289024	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00	5428736	----a-w-	c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-06-22 20:15	58880	----a-w-	c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53	381952	----a-w-	c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53	270336	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52	15360	----a-w-	c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	310784	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2010-09-29 01:14	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2010-09-29 01:14	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-05-25 02:24	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-09-01 05:24 . 2011-10-13 04:40	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 04:40	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 04:40	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 04:40	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 04:40	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 04:40	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-27_15.22.44   )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-27 14:03 . 2011-11-27 14:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-27 15:53 . 2011-11-27 15:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-27 14:03 . 2011-11-27 14:03	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-27 15:53 . 2011-11-27 15:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-11-27 15:52	288340              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-27 14:01	288340              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-23 00:24 . 2011-11-27 14:01	2498352              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-23 00:24 . 2011-11-27 15:52	2498352              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-22 17:44 . 2011-11-27 15:52	24250076              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1590950459-2463608396-2295467512-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-04-19 1710664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-10-13 3510680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
"CTSyncService"=c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Basti\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-22 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-06-22 79360]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-09-16 2027840]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yvwko8uh.default\
FF - prefs.js: browser.startup.homepage - www.Google.de
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,d5,20,95,c5,f7,0f,1a,52,0d,00,21,22,95,df,a2,c2,ff,51,e4,41,76,21,
   8a,94,7f,73,39,77,a2,98,f5,2c,fd,c5,a4,e1,3a,74,80,eb,92,79,f7,ea,11,6b,72,\
"??"=hex:20,b8,9d,13,ad,9b,8f,aa,e2,4d,c6,60,f5,bb,c8,ae
.
[HKEY_USERS\S-1-5-21-1590950459-2463608396-2295467512-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,43,b0,a1,6e,6d,5c,3c,1d,10,a4,c4,24,0d,65,2a,4a,25,da,c1,47,
   e0,4c,de,98,a8,d4,ba,17,ae,73,7a,97,49,a8,13,95,e6,24,f4,29,a8,ca,ce,59,6c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-27  16:56:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-27 15:56
ComboFix2.txt  2011-11-27 15:24
.
Vor Suchlauf: 13 Verzeichnis(se), 84.859.105.280 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 84.307.574.784 Bytes frei
.
- - End Of File - - 646A65CEEAC6F7065B09EAE942269236
         
--- --- ---
bin mir nicht sicher ob es das richtige ist.

edit: außerdem sagte mir Combofix das avira noch an sei, habe aber denn echtzeit scanner deaktiviert, das reichte glaub ich auch.

Alt 27.11.2011, 17:12   #10
markusg
/// Malware-holic
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



hi, starte mal neu dann gehts wieder

lade mal in den upload channel folgendes hoch:
C:\Users\Basti\Desktop\Ckacran2070no.rar
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.11.2011, 17:24   #11
Basti24
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



Hi,

dauert wohl n bissel das hoch zu laden, ist 37 mb groß.

soll ich alles was oben beschreiben wurde von anfangan nochmal durchgehen? hab ja jetzt die systemwiederherstellung gemacht, so das auch der IE wieder einfach startet.

ist scheinbar fertig, ist es hochgeladen worden?

Geändert von Basti24 (27.11.2011 um 17:32 Uhr)

Alt 27.11.2011, 17:31   #12
markusg
/// Malware-holic
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



der upload in den upload channel geht dann nicht, bitte bei
File-Upload.net - Ihr kostenloser File Hoster!
hochladen link als private nachicht an mich
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.11.2011, 18:10   #13
markusg
/// Malware-holic
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



hi, wie ich sehe nutzt du cracks, dies ist illegal und wird von uns nicht unterstützt, deswegen kann ich dir nur beim formatieren und neu aufsetzen helfen, mehr nicht
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.11.2011, 18:16   #14
Basti24
 
Virus öffnet IE Mit meldung 100€ zu zahlen. - Standard

Virus öffnet IE Mit meldung 100€ zu zahlen.



Hi,

Werde denn Crack wohl auch löschen, es muss einem ersmal klar werden was man für einen Schaden anrichtet.

darüber bin ich mir im klaren, und lasse auch jegliche erklärungsversuche.

Wie demm auch sei, hab jetzt ein systemneustart gemacht und es scheint zu funktionieren. Ich danke dir trotzdem für deine sehr gute und sehr schnelle hilfe.

Hoffe nur damit ist dieser virus komplett gelöscht.

Und ich entschuldige mich hier mit falls ich gegen irrgentwelche Regeln verstoßen habe.


Einen schönen Abend noch

mfg Basti

Geändert von Basti24 (27.11.2011 um 18:24 Uhr)

Antwort

Themen zu Virus öffnet IE Mit meldung 100€ zu zahlen.
adobe, antivir, avg, avira, bho, bildschirm, desktop, explorer, festplatte, firefox, frage, gesperrt, hijack, hijackthis, home, internet, internet explorer, mozilla, performance, plug-in, problem, remote control, rundll, software, virus, windows, öffnet




Ähnliche Themen: Virus öffnet IE Mit meldung 100€ zu zahlen.


  1. Java Meldung : ich soll 100€ zahlen
    Plagegeister aller Art und deren Bekämpfung - 17.08.2015 (41)
  2. Opera öffnet FAke-Seite mit Meldung: Ihr Computer ist infiziert
    Log-Analyse und Auswertung - 12.07.2013 (13)
  3. GEMA Virus / 50€ Zahlen / Was tun?
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (14)
  4. BPD meldung- fake? muss 100€ zahlen
    Alles rund um Windows - 03.07.2012 (1)
  5. Sobald Verbindung mit Internet Meldung Windows Virenverseucht und 50 euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 15.03.2012 (1)
  6. 50€ Zahlen Virus
    Plagegeister aller Art und deren Bekämpfung - 19.02.2012 (6)
  7. Virus bei dem man 50€ zahlen muss
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (14)
  8. Windows Systemblock 50 Euro zahlen + BKA Virus 100 Euro zahlen
    Log-Analyse und Auswertung - 29.01.2012 (1)
  9. Ebenfalls Meldung " Computer blockiert" 50 € zahlen win Xp
    Log-Analyse und Auswertung - 22.01.2012 (7)
  10. Virus blockt PC, BKA?, 50€ zahlen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (1)
  11. Virus Sicherheitswahrnung 50€ zahlen
    Log-Analyse und Auswertung - 14.01.2012 (1)
  12. Meldung: Achtung, Ihr Windows wurde gesperrt - 50,--€ zahlen!
    Log-Analyse und Auswertung - 08.01.2012 (6)
  13. Auch Meldung " Computer blockiert" 50 € zahlen win Xp
    Log-Analyse und Auswertung - 18.12.2011 (1)
  14. Virus Meldung, Rechner langsam, InternetExplorer öffnet selbst Seiten
    Log-Analyse und Auswertung - 07.04.2010 (7)
  15. Internet Explorer öffnet automatisch mit Werbung! Trojaner Meldung..
    Log-Analyse und Auswertung - 21.11.2009 (18)
  16. Brower Fenster öffnet automatisch, Infected Meldung
    Log-Analyse und Auswertung - 09.10.2008 (7)
  17. Hilfe: Meldung vonwegen "Virus beagle" und seite öffnet sich
    Plagegeister aller Art und deren Bekämpfung - 10.04.2006 (10)

Zum Thema Virus öffnet IE Mit meldung 100€ zu zahlen. - Hallo, Ich habe mir heute einen Virus eingefangen, das war vor etwa 2 stunden. Dieser öffnet denn Internet Explorer, wo dann steht : Das mein Rechner von der Bundespolizei gesperrt - Virus öffnet IE Mit meldung 100€ zu zahlen....
Archiv
Du betrachtest: Virus öffnet IE Mit meldung 100€ zu zahlen. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.