![]() |
|
Plagegeister aller Art und deren Bekämpfung: Antivirus Software Alert -VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Antivirus Software Alert -Virus Hallo, ich habe mir den Antivirus Software Alert eingefangen wie in folgendem Thread von einem anderen User auch beschrieben: http://www.trojaner-board.de/88043-w...are-alert.html CCleaner konnte ich leider nicht starten. Malwarebytes hat 4 infizierte Dateien "SolutionPro" entdeckt. Hier der Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4396 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 06.08.2010 03:07:07 mbam-log-2010-08-06 (03-07-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 260543 Laufzeit: 25 Minute(n), 0 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tenyelrj (Rogue.AntivirSolutionPro) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Dominik\AppData\Local\srbdlsivi\uxpqmobtssd.exe (Rogue.AntivirSolutionPro) -> No action taken. C:\Users\Dominik\AppData\Local\Temp\0.1372056070756883.exe (Rogue.AntivirSolutionPro) -> No action taken. Nach dem Neustart ist das Problem nicht mehr aufgetreten, ich habe aber trotzdem noch OTL Scan ausgeführt, wie im geposteten Thread vorgegeben. Hier der Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.08.2010 03:14:22 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dominik\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 687,13 Gb Total Space | 633,12 Gb Free Space | 92,14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 244,28 Gb Total Space | 144,46 Gb Free Space | 59,14% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOMEEEESPC Current User Name: Dominik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Dominik\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe () PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Dominik\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. ) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (RushTopDevice_J) -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys (Your Corporation) DRV - (DualCoreCenter) -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys (MICRO-STAR INT'L CO., LTD.) DRV - (RushTopDevice2) -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys (Your Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 0B 7C 6D 75 11 CB 01 [binary data] IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.wettportal.com/quotenvergleich/surebets/" FF - prefs.js..extensions.enabledItems: firefoxextensions@keynote.com:17.0.12.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1 FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.25 14:22:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 14:22:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.07.21 19:10:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.07.01 14:13:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.06 01:14:25 | 000,000,000 | ---D | M] [2010.02.25 04:46:47 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions [2010.02.25 04:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.06 02:37:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions [2010.06.28 20:52:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.28 20:52:32 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9} [2010.06.28 20:52:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.06 01:14:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.05.17 14:26:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\firefoxextensions@keynote.com [2010.08.06 01:14:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru [2010.08.06 01:14:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2010.05.17 14:26:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\firefoxextensions@keynote.com\components [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.07.22 23:53:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.22 23:53:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.22 23:53:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.22 23:53:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.22 23:53:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneLauncher.exe () O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{489784e9-2ed7-11df-af89-002421e42826}\Shell - "" = AutoRun O33 - MountPoints2\{489784e9-2ed7-11df-af89-002421e42826}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{d0a20aaf-2168-11df-8faa-002421e42826}\Shell - "" = AutoRun O33 - MountPoints2\{d0a20aaf-2168-11df-8faa-002421e42826}\Shell\AutoRun\command - "" = E:\laucher.exe -- File not found O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\laucher.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Dominik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FeedExpress.exe - C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FeedExpress.exe - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - e:\steam\steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {228DA4C3-AF41-BA99-2BB5-3680A22321C1} - .NET Framework ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.08.06 02:39:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes [2010.08.06 02:38:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.06 02:38:42 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.06 02:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.06 02:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.06 01:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.08.06 01:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2010.08.06 01:14:17 | 000,560,216 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2010.08.06 01:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.08.05 23:47:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\srbdlsivi [2010.08.05 00:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.08.05 00:47:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\Google [2010.08.04 19:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\LCDGAMMA [2010.08.04 19:40:55 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys [2010.08.04 19:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicTune Premium [2010.08.04 19:40:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\InstallShield [2010.08.04 19:12:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.08.03 03:12:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\ElevatedDiagnostics [2010.07.30 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\Cisco [2010.07.30 20:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2010.07.30 20:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [2010.07.24 01:19:10 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\ArmA 2 OA Demo Other Profiles [2010.07.24 01:15:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\ArmA 2 OA Demo [2010.07.24 01:15:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\ArmA 2 OA DEMO [2010.07.24 01:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2010.07.20 18:24:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Neuer Ordner (3) [2010.07.14 22:29:59 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Neuer Ordner (2) [2010.07.14 16:27:05 | 000,000,000 | R--D | C] -- C:\Users\Dominik\Documents\Scanned Documents [2010.07.14 16:27:04 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Fax [2010.07.14 15:09:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.07.11 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\NFS SHIFT [2009.07.14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dominik\*.tmp files -> C:\Users\Dominik\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.06 03:16:47 | 002,359,296 | ---- | M] () -- C:\Users\Dominik\ntuser.dat [2010.08.06 03:16:34 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.06 03:16:34 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.06 03:13:56 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.06 03:13:56 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.06 03:13:56 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.06 03:13:56 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.06 03:13:56 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.06 03:09:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.06 03:09:25 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2010.08.06 03:09:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.06 03:09:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.06 03:09:14 | 3219,841,024 | -HS- | M] () -- C:\hiberfil.sys [2010.08.06 03:08:39 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.08.06 03:08:39 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.08.06 03:08:39 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.08.06 03:08:08 | 001,698,048 | -H-- | M] () -- C:\Users\Dominik\AppData\Local\IconCache.db [2010.08.06 02:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.06 02:38:47 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.06 01:14:47 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2010.08.06 01:14:47 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2010.08.06 01:14:17 | 000,560,216 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2010.08.06 00:15:40 | 000,000,128 | ---- | M] () -- C:\Users\Dominik\AppData\Local\Temp$$_temp.ldb [2010.08.06 00:15:18 | 000,110,592 | ---- | M] () -- C:\Users\Dominik\AppData\Local\Temp$$_temp.mdb [2010.08.05 23:03:12 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.08.05 23:03:12 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.05 22:14:06 | 000,048,761 | ---- | M] () -- C:\Users\Dominik\Desktop\Trainingslog.rtf [2010.08.05 20:44:04 | 000,543,577 | ---- | M] () -- C:\Users\Dominik\Desktop\135449_HausaufgabeBACH.docx [2010.08.05 04:02:29 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.08.05 04:02:29 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2010.08.04 19:40:21 | 000,001,690 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2010.08.04 19:40:21 | 000,001,672 | ---- | M] () -- C:\Users\Public\Desktop\MagicTunePremuim.lnk [2010.08.03 03:13:51 | 000,001,131 | ---- | M] () -- C:\Windows\SysNative\ctdnlstr.dat [2010.08.03 02:46:56 | 000,758,838 | ---- | M] () -- C:\Users\Dominik\Desktop\DSC33412.jpg [2010.08.02 23:18:53 | 000,144,750 | ---- | M] () -- C:\Users\Dominik\Desktop\gruenes_klassenzimmer_zweite_ag_280809_g.jpg [2010.08.02 23:15:13 | 000,115,634 | ---- | M] () -- C:\Users\Dominik\Desktop\vorher01.jpg [2010.08.02 23:15:06 | 000,258,702 | ---- | M] () -- C:\Users\Dominik\Desktop\nachher01.jpg [2010.07.27 16:53:38 | 000,377,886 | ---- | M] () -- C:\Users\Dominik\Desktop\135449_fulltext.pdf [2010.07.20 21:12:19 | 000,232,984 | ---- | M] () -- C:\Users\Dominik\Documents\nagel.jpg [2010.07.12 17:49:33 | 000,000,396 | ---- | M] () -- C:\Users\Dominik\Desktop\Need for Speed™ SHIFT - Verknüpfung.lnk [2010.07.12 01:19:08 | 000,578,322 | ---- | M] () -- C:\Users\Dominik\Desktop\Unbenannt.jpg [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dominik\*.tmp files -> C:\Users\Dominik\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.06 02:38:47 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.06 01:14:47 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2010.08.06 01:14:47 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2010.08.06 00:15:13 | 000,110,592 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Temp$$_temp.mdb [2010.08.06 00:15:13 | 000,000,128 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Temp$$_temp.ldb [2010.08.05 00:47:29 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.05 00:47:28 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.04 19:40:21 | 000,001,690 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2010.08.04 19:40:21 | 000,001,672 | ---- | C] () -- C:\Users\Public\Desktop\MagicTunePremuim.lnk [2010.08.03 03:12:53 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.08.03 03:12:53 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.08.03 03:12:53 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm [2010.08.03 03:12:53 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.08.03 02:46:56 | 000,758,838 | ---- | C] () -- C:\Users\Dominik\Desktop\DSC33412.jpg [2010.08.02 23:18:53 | 000,144,750 | ---- | C] () -- C:\Users\Dominik\Desktop\gruenes_klassenzimmer_zweite_ag_280809_g.jpg [2010.08.02 23:15:13 | 000,115,634 | ---- | C] () -- C:\Users\Dominik\Desktop\vorher01.jpg [2010.08.02 23:15:05 | 000,258,702 | ---- | C] () -- C:\Users\Dominik\Desktop\nachher01.jpg [2010.07.27 16:53:37 | 000,377,886 | ---- | C] () -- C:\Users\Dominik\Desktop\135449_fulltext.pdf [2010.07.27 16:51:52 | 000,543,577 | ---- | C] () -- C:\Users\Dominik\Desktop\135449_HausaufgabeBACH.docx [2010.07.20 21:12:18 | 000,232,984 | ---- | C] () -- C:\Users\Dominik\Documents\nagel.jpg [2010.07.12 17:49:33 | 000,000,396 | ---- | C] () -- C:\Users\Dominik\Desktop\Need for Speed™ SHIFT - Verknüpfung.lnk [2010.07.12 01:19:08 | 000,578,322 | ---- | C] () -- C:\Users\Dominik\Desktop\Unbenannt.jpg [2010.06.29 17:10:59 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll [2010.06.29 17:10:59 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll [2010.06.29 17:10:59 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll [2010.06.29 17:07:57 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010.06.29 17:07:57 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2010.05.22 15:06:11 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.03.07 19:19:01 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2010.02.24 18:51:41 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2010.02.24 17:05:36 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.02.24 17:05:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.02.24 17:05:24 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2010.02.24 17:04:55 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 01:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.07.14 00:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.26 12:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2010.05.22 15:06:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canneverbe Limited [2010.05.11 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canon [2010.03.14 02:40:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Feedreader [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\GetRightToGo [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\HLSW [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\IrfanView [2010.05.17 14:26:05 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Keynote Systems [2010.03.20 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Miranda [2010.06.28 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Mp3 Ripper [2010.07.02 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Need for Speed World [2010.07.19 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Smart Recorder [2010.06.28 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Thunderbird [2010.06.17 23:22:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TS3Client [2010.03.25 17:44:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software [2010.03.17 22:27:09 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ubisoft [2010.03.05 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\UpdatePatrol [2010.06.16 14:55:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(41).TXT [2010.06.16 14:55:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.25 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Adobe [2010.02.24 16:57:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ATI [2010.05.22 15:06:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canneverbe Limited [2010.05.11 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canon [2010.03.07 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Creative [2010.03.14 02:40:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite [2010.03.24 04:50:57 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\dvdcss [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Feedreader [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\GetRightToGo [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\HLSW [2010.02.24 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Identities [2010.08.04 19:40:15 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\InstallShield [2010.06.28 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\IrfanView [2010.05.17 14:26:05 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Keynote Systems [2010.02.24 20:18:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Macromedia [2010.08.06 02:39:02 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Media Center Programs [2010.07.01 14:19:03 | 000,000,000 | --SD | M] -- C:\Users\Dominik\AppData\Roaming\Microsoft [2010.03.20 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Miranda [2010.02.24 18:25:06 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Mozilla [2010.06.28 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Mp3 Ripper [2010.07.02 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Need for Speed World [2010.03.15 20:03:11 | 000,000,000 | RH-D | M] -- C:\Users\Dominik\AppData\Roaming\SecuROM [2010.08.06 03:08:02 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Skype [2010.08.06 01:52:34 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\skypePM [2010.07.19 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Smart Recorder [2010.06.28 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Thunderbird [2010.06.17 23:22:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TS3Client [2010.03.25 17:44:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software [2010.03.17 22:27:09 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ubisoft [2010.03.05 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\UpdatePatrol [2010.06.28 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ventrilo [2010.08.04 03:10:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\vlc [2010.06.28 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Winamp [2010.02.24 22:00:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.02.26 23:47:48 | 000,010,134 | R--- | M] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Installer\{3D6A24EA-A543-6C84-351E-D7646E7AB86E}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll < 5. Klicke "Scan" > < 6. 2 reporte werden erstellt: > < OTL.Txt > < Extras.Txt > < End of report > Ist das noch irgendwas Verdächtiges zu erkennen? Um was genau handelt es sich eigentlich bei dem Virus? Ist das was brandgefährliches oder will es nur dazu verleiten diese eine Software zu kaufen? Für Hilfe bin ich sehr dankbar ![]() Grüße foxx |
Themen zu Antivirus Software Alert -Virus |
.dll, 4d36e972-e325-11ce-bfc1-08002be10318, adblock, adobe, alert, antivirus, autorun, avp.exe, bho, c:\windows\system32\rundll32.exe, cdburnerxp, components, error, explorer, extras.txt, firefox, firefox.exe, format, infizierte, infizierte dateien, internet security 2011, kaspersky, langs, local\temp, location, logfile, media center, mozilla, mozilla thunderbird, mp3, need for speed, neustart, nvstor.sys, oldtimer, otl scan, otl.exe, otl.txt, plug-in, problem, programdata, realtek, registry, rundll, scan, scan ausgeführt, searchplugins, skype.exe, software, sptd.sys, staropen, start menu, syswow64, tastatur, temp, webcheck, wrapper |