Pests of all kinds and how to fight them: Antivirus Software Alert -Virus

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
Antivirus Software Alert -Virus

Hello,

I have picked up the Antivirus Software Alert, as also described by another user in the following thread: http://www.trojaner-board.de/88043-w...are-alert.html

Unfortunately I could not start CCleaner. Malwarebytes found 4 infected files "SolutionPro". Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4396

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.08.2010 03:07:07
mbam-log-2010-08-06 (03-07-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 260543
Laufzeit: 25 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tenyelrj (Rogue.AntivirSolutionPro) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Dominik\AppData\Local\srbdlsivi\uxpqmobtssd.exe (Rogue.AntivirSolutionPro) -> No action taken.
C:\Users\Dominik\AppData\Local\Temp\0.1372056070756883.exe (Rogue.AntivirSolutionPro) -> No action taken.

After the restart the problem no longer occurred, but I still ran the OTL scan as instructed in the linked thread. Here is the log:

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 06.08.2010 03:14:22 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dominik\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 687,13 Gb Total Space | 633,12 Gb Free Space | 92,14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 244,28 Gb Total Space | 144,46 Gb Free Space | 59,14% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOMEEEESPC Current User Name: Dominik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Dominik\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) 
PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe () PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Dominik\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (PnkBstrA) -- 
C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) 
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. ) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (RushTopDevice_J) -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys (Your Corporation) DRV - (DualCoreCenter) -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys (MICRO-STAR INT'L CO., LTD.) 
DRV - (RushTopDevice2) -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys (Your Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 0B 7C 6D 75 11 CB 01 [binary data] IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-163978163-1987638889-572582206-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.wettportal.com/quotenvergleich/surebets/" FF - prefs.js..extensions.enabledItems: firefoxextensions@keynote.com:17.0.12.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1 FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - 
prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.25 14:22:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 14:22:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.07.21 19:10:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.07.01 14:13:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.06 01:14:25 | 000,000,000 | ---D | M] [2010.02.25 04:46:47 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions [2010.02.25 04:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.06 02:37:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions [2010.06.28 20:52:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.28 20:52:32 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9} [2010.06.28 20:52:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\mz3ed2ju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.06 01:14:52 | 
000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.05.17 14:26:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\firefoxextensions@keynote.com [2010.08.06 01:14:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru [2010.08.06 01:14:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2010.05.17 14:26:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\firefoxextensions@keynote.com\components [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.07.22 23:53:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.22 23:53:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.22 23:53:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.22 23:53:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.22 23:53:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO 
Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneLauncher.exe () O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2011\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{489784e9-2ed7-11df-af89-002421e42826}\Shell - "" = AutoRun O33 - MountPoints2\{489784e9-2ed7-11df-af89-002421e42826}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{d0a20aaf-2168-11df-8faa-002421e42826}\Shell - "" = AutoRun O33 - MountPoints2\{d0a20aaf-2168-11df-8faa-002421e42826}\Shell\AutoRun\command - "" = E:\laucher.exe -- File not found O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\laucher.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Dominik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FeedExpress.exe - C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FeedExpress.exe - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype 
Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - e:\steam\steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus 
Is there anything suspicious left to be seen there? What exactly is this virus? Is it something really dangerous, or does it just want to trick you into buying this one piece of software? I would be very grateful for any help. Regards, foxx |
| | #2 | ||
| /// Helper Team | Antivirus Software Alert -Virus Hello and a warm welcome!
Before we start working together, [please read completely]:
Quote:
- When you surf dubious sites, there is a risk that a piece of malware installs itself `by chance at exactly that moment`, which then downloads further malicious programs (rogue software) from the Internet. This antivirus software generates a warning message claiming that "your computer is infected" (with an infection that does not actually exist), then shows pop-ups with fake threats, etc. The fake antivirus program may then demand money for the removal, etc. But there are also plenty of fake programs on the Internet to download "directly"... if you don't inform yourself beforehand and believe in the good in the world... heise.de/security/Zweifelhafte-Antiviren-Produkte a trojan with backdoor properties

1. Please make hidden and system files visible; click the link here: Making system files and folders visible under XP and Vista. At the end of our work you can undo this again!

2. - Download RSIT -

3. → Download HJTscanlist.zip → unpack the file onto your desktop → on Windows XP Home you additionally have to install tasklist.zip before the scan → start it with a double-click → select your operating system - Vista → when asked, choose the option "Einstellung" (1) - scanlist → after a short time your editor should open and show the file hjtscanlist.txt → please copy the contents here into your thread.

4. I would also like to see all your installed programs: download the tool CCleaner, install it (deselect "Füge CCleaner Yahoo! Toolbar hinzu") → start it → if necessary, set "german" under Options settings → then click "Extra" (to also show the installed programs) → then "Als Textdatei speichern..."; a text file (*.txt) is created; copy its contents and paste them here

Quote:
Coverflow Last edited by kira (06.08.2010 at 09:42) |
| | #3 |
| | Antivirus Software Alert -Virus Hey Coverflow, danke für deine Hilfe schon mal
__________________![]() 1. Gemacht! 2. Beides im Anhang 3. Code:
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.1.7600]
C:
06.08.2010 14:07 C:\rsit --------- 0
06.08.2010 14:07 C:\Program Files (x86) --------- 12288
06.08.2010 13:59 C:\System Volume Information --------- 20480
C:\pagefile.sys ---------
C:\hiberfil.sys ---------
06.08.2010 02:38 C:\ProgramData --------- 8192
06.08.2010 00:08 C:\Windows --------- 24576
02.07.2010 20:05 C:\Program Files --------- 8192
27.05.2010 19:24 C:\WAVTOMP3 --------- 0
17.05.2010 14:26 C:\$Recycle.Bin --------- 0
11.05.2010 23:21 C:\MSOCache --------- 0
26.02.2010 23:41 C:\ATI --------- 0
24.02.2010 16:50 C:\RaidTool --------- 0
24.02.2010 16:36 C:\Users --------- 4096
24.02.2010 16:36 C:\Recovery --------- 0
24.02.2010 16:36 C:\Dokumente und Einstellungen --------- 0
24.02.2010 16:36 C:\Programme --------- 0
14.07.2009 07:08 C:\Documents and Settings --------- 0
14.07.2009 05:20 C:\PerfLogs --------- 0
07.11.2007 08:53 C:\VC_RED.MSI --------- 242176
07.11.2007 08:50 C:\VC_RED.cab --------- 1927956
07.11.2007 08:44 C:\install.exe --------- 855040
07.11.2007 08:44 C:\install.res.1031.dll --------- 95248
07.11.2007 08:44 C:\install.res.2052.dll --------- 74768
07.11.2007 08:44 C:\install.res.3082.dll --------- 95248
07.11.2007 08:44 C:\install.res.1040.dll --------- 94224
07.11.2007 08:44 C:\install.res.1033.dll --------- 90128
07.11.2007 08:44 C:\install.res.1041.dll --------- 80400
07.11.2007 08:44 C:\install.res.1042.dll --------- 78864
07.11.2007 08:44 C:\install.res.1028.dll --------- 75280
07.11.2007 08:44 C:\install.res.1036.dll --------- 96272
07.11.2007 08:00 C:\eula.1031.txt --------- 17734
07.11.2007 08:00 C:\eula.1028.txt --------- 17734
07.11.2007 08:00 C:\eula.1033.txt --------- 10134
07.11.2007 08:00 C:\eula.1036.txt --------- 17734
07.11.2007 08:00 C:\eula.2052.txt --------- 17734
07.11.2007 08:00 C:\eula.1040.txt --------- 17734
07.11.2007 08:00 C:\install.ini --------- 843
07.11.2007 08:00 C:\eula.1041.txt --------- 118
07.11.2007 08:00 C:\vcredist.bmp --------- 5686
07.11.2007 08:00 C:\globdata.ini --------- 1110
07.11.2007 08:00 C:\eula.3082.txt --------- 17734
07.11.2007 08:00 C:\eula.1042.txt --------- 17734
02.12.2006 00:37 C:\msdia80.dll --------- 904704
----------------------------------------
C:\Windows
06.08.2010 13:59 C:\Windows\WindowsUpdate.log --------- 1705392
06.08.2010 13:55 C:\Windows\setupact.log --------- 11370
06.08.2010 13:55 C:\Windows\bootstat.dat --------- 67584
06.08.2010 01:13 C:\Windows\PFRO.log --------- 307472
06.08.2010 00:15 C:\Windows\ntbtlog.txt --------- 269144
24.07.2010 01:15 C:\Windows\DirectX.log --------- 63134
11.05.2010 23:22 C:\Windows\win.ini --------- 478
07.03.2010 20:52 C:\Windows\ctfile.rfc --------- 159
07.03.2010 19:19 C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini --------- 262
24.02.2010 16:57 C:\Windows\ativpsrm.bin --------- 0
08.12.2009 15:40 C:\Windows\atiogl.xml --------- 20274
31.10.2009 08:34 C:\Windows\explorer.exe --------- 2870272
14.07.2009 06:54 C:\Windows\WindowsShell.Manifest --------- 749
14.07.2009 06:51 C:\Windows\setuperr.log --------- 0
14.07.2009 03:39 C:\Windows\write.exe --------- 10240
14.07.2009 03:39 C:\Windows\splwow64.exe --------- 61952
14.07.2009 03:39 C:\Windows\regedit.exe --------- 427008
14.07.2009 03:39 C:\Windows\notepad.exe --------- 193536
14.07.2009 03:39 C:\Windows\HelpPane.exe --------- 733696
14.07.2009 03:39 C:\Windows\hh.exe --------- 16896
14.07.2009 03:39 C:\Windows\fveupdate.exe --------- 15360
14.07.2009 03:38 C:\Windows\bfsvc.exe --------- 71168
14.07.2009 03:16 C:\Windows\twain_32.dll --------- 51200
14.07.2009 03:14 C:\Windows\winhlp32.exe --------- 9728
14.07.2009 03:14 C:\Windows\twunk_32.exe --------- 31232
14.07.2009 01:06 C:\Windows\mib.bin --------- 43131
10.06.2009 23:41 C:\Windows\twunk_16.exe --------- 49680
10.06.2009 23:41 C:\Windows\twain.dll --------- 94784
10.06.2009 23:08 C:\Windows\system.ini --------- 219
10.06.2009 22:52 C:\Windows\WMSysPr9.prx --------- 316640
10.06.2009 22:36 C:\Windows\msdfmap.ini --------- 1405
10.06.2009 22:31 C:\Windows\Starter.xml --------- 48201
10.06.2009 22:30 C:\Windows\Professional.xml --------- 53551
26.12.2006 13:01 C:\Windows\ver5.5.14.0.txt --------- 222
13.10.2006 09:18 C:\Windows\nvoclk64.sys --------- 18216
13.10.2006 09:18 C:\Windows\nvoclock.sys --------- 6912
13.10.2006 09:18 C:\Windows\ntuneoem.dll --------- 380928
13.10.2006 09:16 C:\Windows\nvsulib.dll --------- 421888
13.10.2006 09:13 C:\Windows\NVBenchMarks.dll --------- 1622016
13.10.2006 09:12 C:\Windows\AutoTuneScript.dll --------- 28672
05.09.2006 15:59 C:\Windows\NVGfxOgl.dll --------- 217088
21.08.2006 10:20 C:\Windows\NTuneGpu.dll --------- 45056
01.06.2006 18:22 C:\Windows\Nvgpio.dll --------- 53248
23.09.2005 17:33 C:\Windows\msvcr71.dll --------- 348160
23.09.2005 17:33 C:\Windows\msvcp71.dll --------- 499712
23.09.2005 17:33 C:\Windows\MFC71.dll --------- 1060864
11.05.2000 02:00 C:\Windows\Updreg.EXE --------- 90112
----------------------------------------
C:\Windows\System
----------------------------------------
C:\Windows\System32
06.08.2010 14:02 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 15168
06.08.2010 14:02 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 15168
06.08.2010 14:01 C:\Windows\system32\PerfStringBackup.INI --------- 1472002
06.08.2010 14:01 C:\Windows\system32\perfh007.dat --------- 643628
06.08.2010 14:01 C:\Windows\system32\perfc009.dat --------- 103370
06.08.2010 14:01 C:\Windows\system32\perfc007.dat --------- 126188
06.08.2010 14:01 C:\Windows\system32\perfh009.dat --------- 606992
06.08.2010 14:11 C:\Windows\system32\config --------- 20480
06.08.2010 13:55 C:\Windows\system32\Ikeext.etl --------- 65536
06.08.2010 04:37 C:\Windows\system32\DVCState-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx --------- 820
06.08.2010 04:37 C:\Windows\system32\BMXState-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx --------- 62308
06.08.2010 04:37 C:\Windows\system32\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00421102}.rfx --------- 62308
06.08.2010 03:48 C:\Windows\system32\drivers --------- 65536
06.08.2010 01:14 C:\Windows\system32\catroot --------- 4096
06.08.2010 01:14 C:\Windows\system32\DriverStore --------- 4096
06.08.2010 00:56 C:\Windows\system32\NDF --------- 0
05.08.2010 04:02 C:\Windows\system32\settingsbkup.sfm --------- 1080
05.08.2010 04:02 C:\Windows\system32\settings.sfm --------- 1080
05.08.2010 00:47 C:\Windows\system32\Tasks --------- 4096
04.08.2010 13:57 C:\Windows\system32\catroot2 --------- 20480
03.08.2010 03:13 C:\Windows\system32\ctdnlstr.dat --------- 1131
03.08.2010 03:09 C:\Windows\system32\Data --------- 8192
27.07.2010 16:59 C:\Windows\system32\shell32.dll --------- 14162944
02.07.2010 22:18 C:\Windows\system32\MRT.exe --------- 35452872
30.06.2010 14:10 C:\Windows\system32\FNTCACHE.DAT --------- 420832
28.06.2010 20:53 C:\Windows\system32\wbem --------- 65536
28.06.2010 20:52 C:\Windows\system32\wfp --------- 0
28.06.2010 20:52 C:\Windows\system32\MUI --------- 0
14.06.2010 16:45 C:\Windows\system32\TURegOpt.exe --------- 34632
14.06.2010 16:39 C:\Windows\system32\authuitu.dll --------- 25928
14.06.2010 16:39 C:\Windows\system32\uxtuneup.dll --------- 36168
12.06.2010 07:28 C:\Windows\system32\migration --------- 4096
02.06.2010 04:55 C:\Windows\system32\XAPOFX1_5.dll --------- 77656
02.06.2010 04:55 C:\Windows\system32\xactengine3_7.dll --------- 176984
02.06.2010 04:55 C:\Windows\system32\XAudio2_7.dll --------- 518488
27.05.2010 08:34 C:\Windows\system32\atmlib.dll --------- 46080
27.05.2010 06:11 C:\Windows\system32\atmfd.dll --------- 366080
26.05.2010 16:59 C:\Windows\system32\de-DE --------- 327680
26.05.2010 11:41 C:\Windows\system32\d3dcsx_43.dll --------- 1907552
26.05.2010 11:41 C:\Windows\system32\d3dx10_43.dll --------- 511328
26.05.2010 11:41 C:\Windows\system32\D3DCompiler_43.dll --------- 2526056
26.05.2010 11:41 C:\Windows\system32\d3dx11_43.dll --------- 276832
26.05.2010 11:41 C:\Windows\system32\D3DX9_43.dll --------- 2401112
21.05.2010 14:14 C:\Windows\system32\MpSigStub.exe --------- 270208
21.05.2010 07:52 C:\Windows\system32\wininet.dll --------- 1192960
21.05.2010 07:47 C:\Windows\system32\jsproxy.dll --------- 64512
19.05.2010 21:48 C:\Windows\system32\cdd.dll --------- 144384
11.05.2010 18:57 C:\Windows\system32\CanonIJ Uninstaller Information --------- 0
09.05.2010 11:46 C:\Windows\system32\CPFilters.dll --------- 961024
09.05.2010 11:45 C:\Windows\system32\msdri.dll --------- 552960
09.05.2010 11:44 C:\Windows\system32\MSNP.ax --------- 288256
09.05.2010 11:44 C:\Windows\system32\mpg2splt.ax --------- 258560
07.05.2010 12:39 C:\Windows\system32\klogon.dll --------- 233656
06.05.2010 15:02 C:\Windows\system32\urlmon.dll --------- 1493504
06.05.2010 15:00 C:\Windows\system32\mstime.dll --------- 1026048
06.05.2010 14:59 C:\Windows\system32\mshtml.dll --------- 9290240
06.05.2010 14:59 C:\Windows\system32\msfeedsbs.dll --------- 82944
06.05.2010 14:59 C:\Windows\system32\ieframe.dll --------- 12364288
06.05.2010 14:58 C:\Windows\system32\iedkcs32.dll --------- 445952
01.05.2010 17:07 C:\Windows\system32\win32k.sys --------- 3122176
23.04.2010 09:11 C:\Windows\system32\tzres.dll --------- 2048
16.04.2010 04:22 C:\Windows\system32\wdi --------- 4096
31.03.2010 00:55 C:\Windows\system32\wrap_oal.dll --------- 466520
31.03.2010 00:55 C:\Windows\system32\OpenAL32.dll --------- 122968
24.03.2010 08:59 C:\Windows\system32\ntdll.dll --------- 1736608
15.03.2010 19:32 C:\Windows\system32\LogFiles --------- 4096
08.03.2010 23:59 C:\Windows\system32\vbscript.dll --------- 612352
05.03.2010 09:52 C:\Windows\system32\asycfilt.dll --------- 84992
04.03.2010 09:57 C:\Windows\system32\inetcomm.dll --------- 976896
27.02.2010 17:17 C:\Windows\system32\ntoskrnl.exe --------- 5509008
24.02.2010 18:27 C:\Windows\system32\Wat --------- 0
24.02.2010 16:50 C:\Windows\system32\restore --------- 0
24.02.2010 16:36 C:\Windows\system32\Recovery --------- 0
23.02.2010 10:16 C:\Windows\system32\browserchoice.exe --------- 294912
11.02.2010 12:42 C:\Windows\system32\frapsv64.dll --------- 84992
04.02.2010 10:01 C:\Windows\system32\X3DAudio1_7.dll --------- 24920
04.02.2010 10:01 C:\Windows\system32\xactengine3_6.dll --------- 176984
04.02.2010 10:01 C:\Windows\system32\XAPOFX1_4.dll --------- 78680
04.02.2010 10:01 C:\Windows\system32\XAudio2_6.dll --------- 530776
03.02.2010 06:22 C:\Windows\system32\aticfx64.dll --------- 471552
03.02.2010 06:20 C:\Windows\system32\atio6axx.dll --------- 18594816
03.02.2010 06:19 C:\Windows\system32\atiapfxx.blb --------- 31240
03.02.2010 06:19 C:\Windows\system32\atiapfxx.exe --------- 143360
03.02.2010 06:17 C:\Windows\system32\ATIDEMGX.dll --------- 446464
03.02.2010 06:17 C:\Windows\system32\atieclxx.exe --------- 450048
03.02.2010 06:17 C:\Windows\system32\atiesrxx.exe --------- 202752
03.02.2010 06:15 C:\Windows\system32\atitmm64.dll --------- 120320
03.02.2010 06:15 C:\Windows\system32\atipdl64.dll --------- 420864
03.02.2010 06:15 C:\Windows\system32\atimuixx.dll --------- 12288
03.02.2010 06:14 C:\Windows\system32\atiedu64.dll --------- 59392
03.02.2010 06:04 C:\Windows\system32\atidxx64.dll --------- 3688960
03.02.2010 05:52 C:\Windows\system32\aticalrt64.dll --------- 43008
03.02.2010 05:52 C:\Windows\system32\aticalcl64.dll --------- 39936
03.02.2010 05:52 C:\Windows\system32\aticaldd64.dll --------- 4771840
03.02.2010 05:49 C:\Windows\system32\atiumd64.dll --------- 4736000
03.02.2010 05:43 C:\Windows\system32\atiumd6a.dll --------- 2649088
03.02.2010 05:40 C:\Windows\system32\atiumd6a.cap --------- 491104
03.02.2010 05:25 C:\Windows\system32\amdpcom64.dll --------- 53248
03.02.2010 05:25 C:\Windows\system32\atimpc64.dll --------- 53248
03.02.2010 05:24 C:\Windows\system32\atiadlxx.dll --------- 321536
----------------------------------------
C:\Windows\Prefetch
----------------------------------------
C:\Windows\Tasks
06.08.2010 13:55 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1106
06.08.2010 13:55 C:\Windows\Tasks\SA.DAT --------- 6
06.08.2010 03:52 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1110
16.06.2010 14:55 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32640
16.06.2010 14:55 C:\Windows\Tasks\SCHEDLGU(41).TXT --------- 32640
----------------------------------------
C:\Windows\Temp
----------------------------------------
C:\Users\Dominik\AppData\Local\Temp
06.08.2010 13:55 C:\Users\Dominik\AppData\Local\Temp\WPDNSE --------- 0
06.08.2010 04:18 C:\Users\Dominik\AppData\Local\Temp\imageio7856982133307979432.tmp --------- 3467
06.08.2010 04:32 C:\Users\Dominik\AppData\Local\Temp\hsperfdata_Dominik --------- 0
06.08.2010 04:18 C:\Users\Dominik\AppData\Local\Temp\java_install_reg.log --------- 99502
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4499841564497768695.tmp --------- 4391
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4718556646985545836.tmp --------- 306
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2619869870790218501.tmp --------- 973
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7561414732949823244.tmp --------- 1475
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4564354223575033437.tmp --------- 129
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2287750976834585509.tmp --------- 5859
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7914086328776846421.tmp --------- 4864
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4231177760672219400.tmp --------- 2661
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio509927061817019779.tmp --------- 2237
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6076934597738391026.tmp --------- 929
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio9053467716876875437.tmp --------- 889
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8892262785115136246.tmp --------- 907
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio5866809727423961974.tmp --------- 124
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8570718380395453699.tmp --------- 1070
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio3512631278593101908.tmp --------- 14177
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8058745100309216022.tmp --------- 15104
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8415209105727325669.tmp --------- 1778
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio1216884624619934432.tmp --------- 4593
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6765726384400364843.tmp --------- 4283
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7853927580496474983.tmp --------- 3570
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7965120533336849886.tmp --------- 984
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio5507768520005868398.tmp --------- 814
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6995144303966358771.tmp --------- 672
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7732060559255075334.tmp --------- 502
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio968951595329431663.tmp --------- 10139
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2092787791279088303.tmp --------- 9573
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6626526862574629092.tmp --------- 8929
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio1086834406160111081.tmp --------- 8142
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8313926441748136474.tmp --------- 7270
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio5193789080113936816.tmp --------- 5698
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio3968150091453661695.tmp --------- 4144
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio5935551140018559202.tmp --------- 3445
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio3608941785136874061.tmp --------- 2856
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio1355919548782413264.tmp --------- 948
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7108819802059008180.tmp --------- 4748
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4551319136850440586.tmp --------- 2888
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8321490009697019209.tmp --------- 3062
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio3486892218549166348.tmp --------- 2693
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7752828798510618371.tmp --------- 29278
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio5482251917003903250.tmp --------- 6059
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2188741387545282949.tmp --------- 30229
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2405948953781410458.tmp --------- 1747
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2143288662293839709.tmp --------- 1793
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4447363637923562377.tmp --------- 1349
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio1407332331459414421.tmp --------- 1598
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio1223447475009368379.tmp --------- 1575
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7357642704286735113.tmp --------- 1176
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio252945569834577709.tmp --------- 2964
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio78547438940535625.tmp --------- 908
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio5198779363592265431.tmp --------- 928
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio727363480059839492.tmp --------- 914
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7000584833818558375.tmp --------- 985
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6708272540162126582.tmp --------- 917
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6425687336250654975.tmp --------- 843
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4063630589628315184.tmp --------- 5032
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio3526225993562861941.tmp --------- 4108
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio4290529111817570569.tmp --------- 4027
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2371254187853386101.tmp --------- 4286
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7746496674607888246.tmp --------- 4278
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6305849233894790573.tmp --------- 4861
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8004564212601996983.tmp --------- 4944
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8036037969294254102.tmp --------- 5198
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6992124002194312477.tmp --------- 5209
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2456211615668111212.tmp --------- 5510
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio7672900360505756953.tmp --------- 5440
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio6012996961949634673.tmp --------- 5353
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio2671259592899259622.tmp --------- 41357
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio5538891056519319236.tmp --------- 80726
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio910805555467837515.tmp --------- 40759
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio337289691817644758.tmp --------- 40580
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8833611669918101828.tmp --------- 3112
06.08.2010 03:49 C:\Users\Dominik\AppData\Local\Temp\imageio8250928504067308028.tmp --------- 3607
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio7718806185061707065.tmp --------- 7601
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5833174805437461850.tmp --------- 2863
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2663694311080705663.tmp --------- 1050
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3031024378641350575.tmp --------- 291
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1369135129057020662.tmp --------- 650
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio132063923242545409.tmp --------- 1797
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8786779428599391777.tmp --------- 1559
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6291471712676594405.tmp --------- 1638
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2398743600687605436.tmp --------- 1568
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1564618563078027366.tmp --------- 1498
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4406807588444031570.tmp --------- 1563
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8414258802879763628.tmp --------- 1425
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio9153963945999607928.tmp --------- 1331
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8936990966631492897.tmp --------- 3634
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4523178930315410467.tmp --------- 3923
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1296821674978767035.tmp --------- 3902
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio437237470068715852.tmp --------- 3785
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6144053866065585078.tmp --------- 3675
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4422368476803836140.tmp --------- 3671
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8919596671881924492.tmp --------- 3432
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8236237624607188908.tmp --------- 3655
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3990315007381882047.tmp --------- 3439
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8486145873183759578.tmp --------- 3474
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio9102834718882380141.tmp --------- 3481
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1669991531055599562.tmp --------- 3585
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2421354975526548855.tmp --------- 3471
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio868796669192964692.tmp --------- 3274
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2032445494726653774.tmp --------- 3426
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1686857478008154538.tmp --------- 3571
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8782929819963489296.tmp --------- 3737
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1957219394453726413.tmp --------- 858
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4565372123238236664.tmp --------- 468
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6190547896969251834.tmp --------- 1914
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1753999043371818028.tmp --------- 5013
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1948162203690635625.tmp --------- 1202
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3233025524987090635.tmp --------- 834
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5397653648614229451.tmp --------- 33843
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio9081820902757361875.tmp --------- 5656
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3554118556011036142.tmp --------- 1352
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8807646706448687358.tmp --------- 3646
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2220048536729050522.tmp --------- 4424
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1248300358148692917.tmp --------- 11296
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8937624309781519113.tmp --------- 5314
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio7952464925108347537.tmp --------- 16715
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5721888078260292155.tmp --------- 237
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8192926617217969677.tmp --------- 3556
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5814240355166686692.tmp --------- 10716
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1136844287899343799.tmp --------- 3539
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio931923390972331168.tmp --------- 3330
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5575937511465950867.tmp --------- 40682
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4360008393463655708.tmp --------- 27370
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio997532499418037371.tmp --------- 10851
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6364431054238899227.tmp --------- 13406
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3139173116840039219.tmp --------- 2528
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6417857316321201479.tmp --------- 2164
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8652841788963556692.tmp --------- 9345
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4645351448524566844.tmp --------- 28053
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1014395052741342133.tmp --------- 3942
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio15032993417406728.tmp --------- 5034
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio521142859971776950.tmp --------- 17998
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6066179697895368731.tmp --------- 33388
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3403154388818800042.tmp --------- 48552
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8109587459406661417.tmp --------- 65605
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4669353135961848163.tmp --------- 1897
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3051064391663407385.tmp --------- 4508
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5370799112137105004.tmp --------- 2917
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio7561338667330101506.tmp --------- 2110
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6363431193509022404.tmp --------- 1121
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8501513169254113069.tmp --------- 1323
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio799925820101863658.tmp --------- 1602
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2479081172916407020.tmp --------- 135
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio757822036345737351.tmp --------- 298
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2844989260574511232.tmp --------- 4270
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio490560030645153875.tmp --------- 8125
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8868984110971441771.tmp --------- 8096
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio7582339552314497724.tmp --------- 8058
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6725244221656295597.tmp --------- 7979
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio7955198980491461969.tmp --------- 7974
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1977912492629249482.tmp --------- 7156
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4625756746604457080.tmp --------- 6821
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5767930226313953273.tmp --------- 2256
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio683966173408799559.tmp --------- 8838
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1524573221212513691.tmp --------- 210
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2844308029117398386.tmp --------- 907
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2790722526422874534.tmp --------- 417
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2767902282761225067.tmp --------- 1313
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio7026642107830027651.tmp --------- 1863
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2370309210281128348.tmp --------- 174
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio462469175488900926.tmp --------- 187
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio5022784597601318404.tmp --------- 168
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3047594881694819721.tmp --------- 3551
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2613369825407493941.tmp --------- 236
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio6315661894901813357.tmp --------- 540
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio632634856523001895.tmp --------- 694
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio2567989503086699345.tmp --------- 144
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio3574515388492510484.tmp --------- 167
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio1286650549770297441.tmp --------- 1541
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4483813698971966655.tmp --------- 216
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio4079392800341924308.tmp --------- 1012
06.08.2010 03:48 C:\Users\Dominik\AppData\Local\Temp\imageio8809854013568234975.tmp --------- 1751
06.08.2010 03:38 C:\Users\Dominik\AppData\Local\Temp\FAPD8CE.tmp --------- 4
06.08.2010 03:38 C:\Users\Dominik\AppData\Local\Temp\FAPD8AC.tmp --------- 4
06.08.2010 03:38 C:\Users\Dominik\AppData\Local\Temp\FAPCC46.tmp --------- 4
06.08.2010 03:25 C:\Users\Dominik\AppData\Local\Temp\outlook logging --------- 0
06.08.2010 02:13 C:\Users\Dominik\AppData\Local\Temp\supgame_75714 --------- 0
06.08.2010 02:01 C:\Users\Dominik\AppData\Local\Temp\imageio3277253732987742869.tmp --------- 626
06.08.2010 01:14 C:\Users\Dominik\AppData\Local\Temp\MSI7500.LOG --------- 9181754
06.08.2010 01:14 C:\Users\Dominik\AppData\Local\Temp\ucaevents.log --------- 890984
06.08.2010 01:12 C:\Users\Dominik\AppData\Local\Temp\kl-install-2010-08-06-01-10-10.log --------- 455062
06.08.2010 01:12 C:\Users\Dominik\AppData\Local\Temp\kl-cleanapi-2010-08-06-01-12-01.log --------- 490
06.08.2010 01:10 C:\Users\Dominik\AppData\Local\Temp\kl-setup-2010-08-06-01-10-10.log --------- 8068
06.08.2010 01:10 C:\Users\Dominik\AppData\Local\Temp\tmp8278.tmp --------- 31630
06.08.2010 00:56 C:\Users\Dominik\AppData\Local\Temp\msdtadmin --------- 0
06.08.2010 00:55 C:\Users\Dominik\AppData\Local\Temp\msdt --------- 0
06.08.2010 00:02 C:\Users\Dominik\AppData\Local\Temp\SDIAG_4a9e4652-d26d-4591-a249-0d17ba3d0230 --------- 0
06.08.2010 00:02 C:\Users\Dominik\AppData\Local\Temp\SDIAG_2c6430dc-46cc-482c-812c-920655e57dce --------- 0
06.08.2010 00:00 C:\Users\Dominik\AppData\Local\Temp\WERDED9.tmp.appcompat.txt --------- 56834
05.08.2010 23:47 C:\Users\Dominik\AppData\Local\Temp\hs_err_pid3380.log --------- 13623
05.08.2010 23:01 C:\Users\Dominik\AppData\Local\Temp\BFBC2Updater.log --------- 46150
05.08.2010 21:40 C:\Users\Dominik\AppData\Local\Temp\Low --------- 0
05.08.2010 17:41 C:\Users\Dominik\AppData\Local\Temp\SkypeSetup.exe --------- 785408
05.08.2010 16:35 C:\Users\Dominik\AppData\Local\Temp\ge3224 --------- 0
05.08.2010 00:49 C:\Users\Dominik\AppData\Local\Temp\ge1424 --------- 0
05.08.2010 00:48 C:\Users\Dominik\AppData\Local\Temp\geColladaModelCacheLock --------- 0
05.08.2010 00:48 C:\Users\Dominik\AppData\Local\Temp\geIconCacheLock --------- 0
05.08.2010 00:48 C:\Users\Dominik\AppData\Local\Temp\isEF62.tmp --------- 0
05.08.2010 00:48 C:\Users\Dominik\AppData\Local\Temp\._msigeplugin52 --------- 0
04.08.2010 20:11 C:\Users\Dominik\AppData\Local\Temp\AdobeARM.log --------- 32969
04.08.2010 19:41 C:\Users\Dominik\AppData\Local\Temp\{F4827D85-7E0A-433A-A71C-7236FF721445} --------- 0
04.08.2010 19:41 C:\Users\Dominik\AppData\Local\Temp\{64551B98-DE01-4050-BF32-84BAEE9F8028} --------- 0
04.08.2010 19:40 C:\Users\Dominik\AppData\Local\Temp\dd_vcredistUI5D4B.txt --------- 11488
04.08.2010 19:40 C:\Users\Dominik\AppData\Local\Temp\dd_vcredistMSI5D4B.txt --------- 429284
04.08.2010 19:37 C:\Users\Dominik\AppData\Local\Temp\{06437412-84E7-4AB9-A708-168FBDD2AEF4} --------- 0
04.08.2010 19:30 C:\Users\Dominik\AppData\Local\Temp\{ED782C7F-317A-4720-B630-017670FC93DD} --------- 0
04.08.2010 19:30 C:\Users\Dominik\AppData\Local\Temp\{6CB03C15-6FFC-4F1A-8557-A800CB8ED5B2} --------- 0
04.08.2010 19:29 C:\Users\Dominik\AppData\Local\Temp\plugtmp-1 --------- 0
04.08.2010 18:46 C:\Users\Dominik\AppData\Local\Temp\{dafeb340-ea76-4e85-9612-4f3dc8e1ae78} --------- 0
04.08.2010 15:38 C:\Users\Dominik\AppData\Local\Temp\ARMA 2 Operation Arrowhead DEMO - Installer --------- 0
04.08.2010 15:38 C:\Users\Dominik\AppData\Local\Temp\plugtmp-2 --------- 0
04.08.2010 15:38 C:\Users\Dominik\AppData\Local\Temp\plugtmp-3 --------- 0
04.08.2010 15:38 C:\Users\Dominik\AppData\Local\Temp\supgame_74391 --------- 0
04.08.2010 01:00 C:\Users\Dominik\AppData\Local\Temp\Creative_Audio_Engine_Cleanup.0001.dir.0001 --------- 0
04.08.2010 01:00 C:\Users\Dominik\AppData\Local\Temp\Creative_Audio_Engine_Cleanup.0001 --------- 59964
03.08.2010 14:09 C:\Users\Dominik\AppData\Local\Temp\plugtmp-5 --------- 0
03.08.2010 03:33 C:\Users\Dominik\AppData\Local\Temp\scoped_dir570 --------- 0
03.08.2010 03:33 C:\Users\Dominik\AppData\Local\Temp\scoped_dir10952 --------- 0
03.08.2010 03:10 C:\Users\Dominik\AppData\Local\Temp\{5A75C53A-0A55-4797-82EE-50FAB0AA49D3} --------- 0
03.08.2010 03:10 C:\Users\Dominik\AppData\Local\Temp\CTZapLog.txt --------- 5754
03.08.2010 03:10 C:\Users\Dominik\AppData\Local\Temp\{3441B85D-091F-49FF-9928-5B325FB99BBD} --------- 0
03.08.2010 03:09 C:\Users\Dominik\AppData\Local\Temp\VerChk.txt --------- 175
02.08.2010 23:37 C:\Users\Dominik\AppData\Local\Temp\UserInfoSetup(201008022336187EC).log --------- 16426
02.08.2010 23:36 C:\Users\Dominik\AppData\Local\Temp\SetupExe(201008022336187EC).log --------- 3974
02.08.2010 23:36 C:\Users\Dominik\AppData\Local\Temp\UserInfoSetup(20100802233449A0C).log --------- 16450
02.08.2010 23:34 C:\Users\Dominik\AppData\Local\Temp\SetupExe(20100802233448A0C).log --------- 3974
02.08.2010 23:34 C:\Users\Dominik\AppData\Local\Temp\UserInfoSetup(20100802233244998).log --------- 16450
02.08.2010 23:32 C:\Users\Dominik\AppData\Local\Temp\SetupExe(20100802233243998).log --------- 3974
02.08.2010 21:53 C:\Users\Dominik\AppData\Local\Temp\plugtmp-4 --------- 0
02.08.2010 21:23 C:\Users\Dominik\AppData\Local\Temp\supgame_75644 --------- 0
01.08.2010 19:00 C:\Users\Dominik\AppData\Local\Temp\plugtmp --------- 0
01.08.2010 04:14 C:\Users\Dominik\AppData\Local\Temp\Creative_Audio_Engine_Cleanup.0001.dir.0000 --------- 0
29.07.2010 13:35 C:\Users\Dominik\AppData\Local\Temp\s1914 --------- 0
29.07.2010 03:23 C:\Users\Dominik\AppData\Local\Temp\BFBC2Game_Data_DFE --------- 0
17.05.2010 14:25 C:\Users\Dominik\AppData\Local\Temp\History --------- 0
17.05.2010 14:25 C:\Users\Dominik\AppData\Local\Temp\Temporary Internet Files --------- 0
24.02.2010 16:37 C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0
----------------------------------------
C:\Program Files
06.08.2010 00:15 C:\Program Files\KaloMa --------- 4096
03.08.2010 03:08 C:\Program Files\Creative --------- 0
02.07.2010 20:05 C:\Program Files\Common Files --------- 4096
28.06.2010 20:52 C:\Program Files\Ventrilo --------- 4096
12.06.2010 07:28 C:\Program Files\Internet Explorer --------- 4096
17.05.2010 23:23 C:\Program Files\JDownloader --------- 4096
12.05.2010 16:06 C:\Program Files\Windows Mail --------- 4096
11.05.2010 23:22 C:\Program Files\Microsoft Office --------- 0
11.05.2010 18:51 C:\Program Files\CanonBJ --------- 0
13.03.2010 19:54 C:\Program Files\FeedExpress --------- 4096
27.02.2010 00:11 C:\Program Files\Fraps --------- 4096
26.02.2010 23:48 C:\Program Files\ATI Technologies --------- 0
25.02.2010 15:37 C:\Program Files\FeedReader30 --------- 4096
24.02.2010 21:59 C:\Program Files\WinRAR --------- 4096
24.02.2010 19:19 C:\Program Files\Windows Media Player --------- 4096
24.02.2010 16:40 C:\Program Files\ATI --------- 0
24.02.2010 16:36 C:\Program Files\Windows NT --------- 4096
24.02.2010 16:36 C:\Program Files\Gemeinsame Dateien --------- 0
14.07.2009 20:18 C:\Program Files\DVD Maker --------- 4096
14.07.2009 20:18 C:\Program Files\Windows Journal --------- 4096
14.07.2009 19:58 C:\Program Files\Windows Sidebar --------- 4096
14.07.2009 19:58 C:\Program Files\Windows Photo Viewer --------- 4096
14.07.2009 19:58 C:\Program Files\Windows Defender --------- 4096
14.07.2009 07:32 C:\Program Files\Windows Portable Devices --------- 0
14.07.2009 07:32 C:\Program Files\Reference Assemblies --------- 0
14.07.2009 07:32 C:\Program Files\MSBuild --------- 0
14.07.2009 07:09 C:\Program Files\Uninstall Information --------- 0
14.07.2009 06:54 C:\Program Files\desktop.ini --------- 174
----------------------------------------
C:\ProgramData\..
Dominik
Default
Public
Default User
All Users
desktop.ini
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
----------------------------------------
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 24 K
System 4 Services 0 17.420 K
smss.exe 348 Services 0 1.204 K
csrss.exe 440 Services 0 4.352 K
wininit.exe 504 Services 0 4.756 K
csrss.exe 524 Console 1 6.916 K
winlogon.exe 584 Console 1 7.472 K
services.exe 628 Services 0 9.544 K
lsass.exe 648 Services 0 11.156 K
lsm.exe 656 Services 0 4.320 K
svchost.exe 780 Services 0 9.608 K
svchost.exe 868 Services 0 8.200 K
atiesrxx.exe 944 Services 0 4.568 K
svchost.exe 1012 Services 0 24.848 K
svchost.exe 376 Services 0 109.920 K
svchost.exe 520 Services 0 46.224 K
CTAudSvc.exe 1104 Services 0 4.444 K
svchost.exe 1156 Services 0 15.420 K
vpnagent.exe 1312 Services 0 8.568 K
atieclxx.exe 1336 Console 1 6.276 K
svchost.exe 1372 Services 0 29.156 K
spoolsv.exe 1564 Services 0 12.132 K
svchost.exe 1612 Services 0 12.628 K
avp.exe 1716 Services 0 229.268 K
dwm.exe 1948 Console 1 32.924 K
taskhost.exe 2024 Console 1 9.924 K
explorer.exe 1280 Console 1 58.912 K
NMSAccessU.exe 2088 Services 0 3.280 K
PnkBstrA.exe 2144 Services 0 4.196 K
svchost.exe 2176 Services 0 5.512 K
TuneUpUtilitiesService64. 2212 Services 0 12.940 K
TuneUpUtilitiesApp64.exe 3060 Console 1 9.280 K
SearchIndexer.exe 1996 Services 0 22.900 K
GammaTray.exe 2916 Console 1 5.256 K
svchost.exe 3308 Services 0 5.616 K
svchost.exe 3380 Services 0 8.992 K
VolPanlu.exe 3572 Console 1 15.800 K
Ctxfihlp.exe 3624 Console 1 8.708 K
avp.exe 3660 Console 1 18.524 K
MOM.exe 3732 Console 1 5.732 K
wmpnetwk.exe 3868 Services 0 2.048 K
CTxfispi.exe 3984 Console 1 10.484 K
CCC.exe 2344 Console 1 19.568 K
firefox.exe 2624 Console 1 173.184 K
klwtblfs.exe 2056 Console 1 6.564 K
svchost.exe 4224 Services 0 47.328 K
MagicTune.exe 2512 Console 1 27.668 K
avp.exe 3016 Services 0 27.916 K
SearchProtocolHost.exe 4408 Services 0 8.892 K
svchost.exe 2504 Services 0 3.104 K
cmd.exe 4204 Console 1 4.068 K
conhost.exe 4416 Console 1 5.760 K
taskhost.exe 5012 Services 0 14.384 K
dllhost.exe 1120 Console 1 6.492 K
SearchFilterHost.exe 5000 Services 0 7.136 K
tasklist.exe 2452 Console 1 6.024 K
WmiPrvSE.exe 2008 Services 0 6.772 K
***** Ende des Scans 06.08.2010 um 14:14:25,48 ***
Code:
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 23.02.2010 10.0.45.2
Adobe Reader 9.3.3 - Deutsch Adobe Systems Incorporated 30.06.2010 240,9MB 9.3.3
ANNO 1404 Ubisoft 16.03.2010 1.00.0000
ARMA 2 Operation Arrowhead Uninstall 23.07.2010
ArmA2 Uninstall 23.02.2010
ATI Catalyst Install Manager ATI Technologies, Inc. 26.02.2010 3.0.762.0
Battlefield: Bad Company™ 2 Electronic Arts 14.03.2010 1.772,6MB 1.0.0.0
BattlEye Uninstall 23.02.2010
Canon MP Navigator 3.0 10.05.2010
Canon MP160 23.02.2010
CCleaner Piriform 05.08.2010 2.34
CDBurnerXP CDBurnerXP 21.05.2010 12,0MB 4.3.2.2140
Cisco AnyConnect VPN Client Cisco Systems, Inc. 29.07.2010 3,92MB 2.4.0202
Creative 3DMIDI Player Creative Technology Limited 02.08.2010 1.11
Creative Audio-Systemsteuerung Creative Technology Limited 02.08.2010 3.00
Creative Konsole Starter Creative Technology Limited 02.08.2010 2.61
Creative Software AutoUpdate Creative Technology Limited 06.03.2010 1.40
Creative Sound Blaster Properties x64 Edition Creative Technology Limited 06.03.2010
DiRT 2 Codemasters 29.03.2010
DivX-Setup DivX, Inc. 23.03.2010 1.0.0.450
Dolby Digital Live Pack Creative Technology Limited 23.02.2010
DTS Connect Pack 23.02.2010
FeedReader i-Systems Inc. 24.02.2010
Fraps 25.02.2010
Free Audio CD Burner version 1.2 DVDVideoSoft Limited. 05.03.2010
Free YouTube to MP3 Converter version 3.2 DVDVideoSoft Limited. 05.03.2010
Google Earth Plug-in Google 04.08.2010 40,4MB 5.2.1.1329
Grand Theft Auto IV Rockstar Games 16.05.2010 1.00.0000
HLSW v1.3.2.1 Timo Stripf 10.03.2010
Java(TM) 6 Update 15 Sun Microsystems, Inc. 27.02.2010 95,0MB 6.0.150
JDownloader AppWork UG (haftungsbeschränkt) 27.02.2010 0.89
JMicron JMB36X Driver JMICRON Technology Corp. 23.02.2010 1.00.0000
KaloMa 4.80 Frank Böpple 24.02.2010
Kaspersky Internet Security 2011 Kaspersky Lab 05.08.2010 11.0.0.232
Keynote Connector 16.05.2010
Last.fm 1.5.4.24567 Last.fm 13.04.2010
MagicTunePremium Samsung Electronics Ltd. 03.08.2010 2.0.09
Malwarebytes' Anti-Malware Malwarebytes Corporation 05.08.2010 8,51MB
Medieval CUE Splitter Medieval Software 18.04.2010 1,66MB 1.2.0
Microsoft Games for Windows - LIVE Microsoft Corporation 30.03.2010 8,31MB 3.1.186.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 19.06.2010 32,3MB 3.2.3.0
Microsoft Office Professional 2007-Testversion Microsoft Corporation 10.05.2010 12.0.4518.1014
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 30.03.2010 2,38MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 24.02.2010 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 04.08.2010 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 26.02.2010 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.03.2010 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.06.2010 0,58MB 9.0.30729.4148
Miranda IM 0.8.15 23.02.2010
Mozilla Firefox (3.6.8) Mozilla 24.07.2010 3.6.8 (de)
Mozilla Thunderbird (3.0.6) Mozilla 20.07.2010 3.0.6 (de)
Need for Speed™ SHIFT Electronic Arts 10.07.2010 1.226,6MB 1.0.0.0
Need For Speed™ World Electronic Arts 30.06.2010 1.0.0.41
NVIDIA PhysX NVIDIA Corporation 10.07.2010 120,1MB 9.09.0720
OpenAL 02.08.2010
Operation Flashpoint: Dragon Rising Codemasters 05.03.2010
OverclockingCenter MSI, Inc. 23.02.2010
pdfsam 29.06.2010 2.2.0
PunkBuster Services Even Balance, Inc. 14.03.2010 0.988
Rapture3D 2.3.26 Game Blue Ripple Sound 30.03.2010
Rockstar Games Social Club Rockstar Games 16.05.2010 1.00.0000
Skype™ 4.2 Skype Technologies S.A. 20.03.2010 31,7MB 4.2.155
Sound Blaster X-Fi Creative Technology Limited 02.08.2010 1.0
SPSS Statistics 17.0 SPSS Inc. 28.06.2010 685,9MB 17.0.0
Steam Valve Corporation 05.03.2010 1,49MB 1.0.0.0
TeamSpeak 3 Client TeamSpeak Systems GmbH 16.06.2010
TuneUp Utilities TuneUp Software 30.06.2010 9.0.4300.9
Ubisoft Game Launcher UBISOFT 12.03.2010 1.0.0.0
Uninstall 1.0.0.1 05.03.2010
Ventrilo Client for Windows x64 Flagship Industries, Inc. 07.03.2010 3.0.5.0
VLC media player 1.0.5 VideoLAN Team 23.03.2010 1.0.5
Winamp Nullsoft, Inc 26.03.2010 5.572
Winamp Erkennungs-Plug-in Nullsoft, Inc 26.03.2010 0,12MB 1.0.0.1
Windows Media Player Firefox Plugin Microsoft Corp 25.05.2010 0,29MB 1.0.0.8
WinRAR 24.02.2010
|
| | #4 | |
| /// Helper Team | Antivirus Software Alert -Virus Hi, check and system cleanup: 1. Quote:
C:\Users\xxxxx\AppData\Local\Temp --> delete only the contents of the folders, not the folders themselves, or click Start -> Search -> type in %temp%... 2. Open CCleaner
3. Then run a complete system check with Nod32 (ESET Online Scanner) - save the scan results as *.txt files. Before the scan, settings in Internet Explorer: - "Tools → Internet Options → Security": - set everything to the default level - allow ActiveX 4. Download TrendMicro™ HijackThis™ / Version 2.0.4 *from here* *from here*. Start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting logfile → "copy" → "paste" it here in your thread (right mouse button) |
| | #5 |
| | Antivirus Software Alert -Virus Hi! Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:55:11, on 07.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O4 - Global Startup: GammaTray.exe.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 8413 bytes
|
| | #6 |
| /// Helper Team | Antivirus Software Alert -Virus Hi, 1. Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC): HijackThis creates a backup; if something goes wrong while fixing, the objects can be restored under "View the list of backups". Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
Run Panda ActiveScan - you have to register - deselect the newsletter! Save the log → post it. Before the scan, settings in Internet Explorer: - "Tools → Internet Options → Security": - set everything to the default level - allow ActiveX ** How is your system behaving? |
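The entry singled out for fixing in post #6 sets the per-user HTTP proxy to a port on the local machine. The following Python script is an added example, not part of the thread and not HijackThis's own code: it picks ProxyServer entries that point at loopback out of a HijackThis log. The function names and the two HKLM sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in HijackThis 2.0.4 layout. The R0 line, the HKCU R1 line
# and the O4 line are copied from the thread; the two HKLM lines are made up.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R1 - HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corp.example:8080
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8888;https=10.0.0.5:3128
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
"""

# "R1 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry-style body: hive\key,ProxyServer = value
PROXY_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\(?P<key>[^,]+),ProxyServer = (?P<value>.*)$")


def parse_entries(log_text):
    """Return (section_code, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def parse_proxy_value(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    The value is either one "host:port" used for all protocols or a
    ';'-separated list of "scheme=host:port" items.
    """
    endpoints = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, sep, hostport = item.partition("=")
        if not sep:
            scheme, hostport = "all", item
        # Tolerate an optional "http://" style prefix in front of the host.
        hostport = re.sub(r"^[a-z][a-z0-9+.-]*://", "", hostport.strip(), flags=re.I)
        host, colon, port = hostport.rpartition(":")
        if not colon:
            host, port = hostport, ""
        endpoints.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_loopback_proxies(log_text):
    """Return one finding per R-section ProxyServer entry with a loopback endpoint."""
    findings = []
    for code, body in parse_entries(log_text):
        m = PROXY_RE.match(body)
        if not (code.startswith("R") and m):
            continue
        local = [ep for ep in parse_proxy_value(m.group("value")) if is_loopback(ep[1])]
        if local:
            findings.append({"hive": m.group("hive"),
                             "line": f"{code} - {body}",
                             "endpoints": local})
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        for scheme, host, port in finding["endpoints"]:
            print(f"{finding['hive']}: {scheme} traffic sent to {host}:{port}")
        print("  " + finding["line"])
```

A hit is only a lead: whether a listener on that local port is expected has to be checked on the host itself before the entry is fixed.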