| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.08.2011, 10:51
| #1 |
 |  Bundespolizei Virus Hallo, ich habe nun auch den Bundespolizei-Virus. Ich habe mir schon die Boot-CD mit OTLPENet.exe gemacht, sowie OTLP gestartet. Hier sind die Logs: OTL.txt: Code:
ATTFilter OTL logfile created on: 8/7/2011 12:36:47 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 579.76 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive D: | 122.28 Mb Total Space | 94.59 Mb Free Space | 77.36% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/02 08:11:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/15 08:05:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/28 15:55:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 05:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 08:10:01 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/24 14:03:00 | 000,079,360 | ---- | M] (Creative Labs) [Disabled] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/04/30 07:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/19 20:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009/02/23 05:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/02/23 05:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/10/20 16:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/02 08:11:24 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 08:11:24 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/10/02 07:15:47 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/10/02 07:15:47 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 20:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/06/03 20:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009/06/03 20:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2009/06/03 20:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009/06/03 20:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2009/06/03 20:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/04/08 09:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/19 21:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009/01/13 13:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 13:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 13:14:40 | 000,036,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2009/01/13 13:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 13:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/08/18 13:37:45 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/05/16 07:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 07:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 07:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 07:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 07:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 07:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 07:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008/02/02 16:24:00 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/09 07:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/03/05 06:03:59 | 002,048,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2007/03/05 06:03:48 | 000,147,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/03/05 06:03:26 | 000,290,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/03/05 06:03:20 | 000,017,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/03/05 06:03:13 | 000,218,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/03/05 06:02:53 | 000,862,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007/03/05 06:02:47 | 000,580,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/03/05 05:58:53 | 000,123,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/03/05 05:58:48 | 000,252,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/03/05 05:58:43 | 001,571,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/03/05 05:58:37 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/03/05 05:58:29 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/03/05 05:58:24 | 000,142,136 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/03/05 05:58:18 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/03/05 05:58:12 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/03/05 05:58:07 | 000,681,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/03/05 05:58:01 | 000,700,216 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2007/03/05 05:57:52 | 000,157,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/02/08 13:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2007/01/23 03:20:34 | 000,040,216 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vcd9bus.sys -- (vcd9bus)
DRV:64bit: - [2007/01/18 10:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006/10/31 11:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/08/11 09:50:02 | 000,078,208 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV:64bit: - [2006/07/05 08:41:45 | 000,075,640 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2006/06/14 10:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2002/07/17 11:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\Andreas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Andreas_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Andreas_ON_C\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - Reg Error: Key error. File not found
IE - HKU\Andreas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\Opera\program\plugins\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/03 08:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/06/28 10:15:59 | 000,000,000 | ---D | M]
[2010/11/21 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions
[2010/11/21 17:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O3 - HKU\Andreas_ON_C\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\Andreas_ON_C\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKU\Andreas_ON_C..\Run: [4Y3Y0C3A8F7XZA5WSGYKCA] C:\Recycle.Bin\B6232F3A820.exe (Got Idle Testy Glob)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://tonline.oberon-media.com/gameshell/games/channel--110403623/lc--de/room--5800b24c-f8d7-4149-81c2-3a7f7a5a1891/online/peggle/de/popcaploader_v10_en.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Andreas_ON_C Winlogon: Shell - (C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe) - C:\Users\Andreas\AppData\Local\Temp\0.33536889630437516.exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{36b06e10-6d53-11dd-a410-00221517ba50}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell - "" = AutoRun
O33 - MountPoints2\{6a6fda10-e123-11df-822b-00221517ba50}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\directx\command - "" = D:\DirectX9\dxsetup.exe
O33 - MountPoints2\{e97f9dc0-d2f0-11de-9e9a-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/08/07 12:30:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011/07/27 12:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaM - The Peasants Rebellion
[2011/07/24 09:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/24 09:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/07/24 09:13:41 | 006,284,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Andreas\Documents\Silverlight.exe
[2011/07/13 10:25:14 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2011/07/13 10:25:11 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 10:25:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010/11/06 17:53:25 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC325.dll
[2010/09/26 07:35:04 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009/06/03 18:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/06 18:22:38 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:22:38 | 000,062,256 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:22:38 | 000,062,256 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:22:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 18:22:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 18:22:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 18:14:31 | 000,777,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/06 18:14:31 | 000,720,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 18:14:31 | 000,190,712 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/06 18:14:31 | 000,154,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/06 18:04:32 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:04:32 | 000,060,844 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 18:04:32 | 000,060,844 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2011/08/06 17:27:40 | 000,531,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/06 14:41:47 | 000,292,437 | ---- | M] () -- C:\Users\Andreas\Desktop\8FF6FB1520F458D8E684D7B0514177B7F3AED93A.torrent
[2011/08/06 11:26:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job
[2011/07/27 15:40:22 | 000,000,930 | ---- | M] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk
[2011/07/27 12:46:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaM - The Peasants Rebellion
[2011/07/26 12:31:30 | 000,019,968 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 09:15:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/24 09:14:52 | 006,284,664 | ---- | M] (Microsoft Corporation) -- C:\Users\Andreas\Documents\Silverlight.exe
[2011/07/19 09:27:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VistaCodecs
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/06 14:41:47 | 000,292,437 | ---- | C] () -- C:\Users\Andreas\Desktop\8FF6FB1520F458D8E684D7B0514177B7F3AED93A.torrent
[2011/07/27 15:40:22 | 000,000,930 | ---- | C] () -- C:\Users\Andreas\Desktop\KaM - The Peasants Rebellion.lnk
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/26 09:41:17 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010/10/31 08:02:34 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat
[2010/10/26 15:53:39 | 000,001,460 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps64.dat
[2010/10/24 17:48:38 | 000,017,043 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png
[2010/09/26 07:35:04 | 000,325,724 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/09/26 07:35:04 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010/09/26 07:35:04 | 000,055,904 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/09/26 07:35:04 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010/09/26 07:35:04 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/06/11 06:00:57 | 000,000,473 | ---- | C] () -- C:\Windows\eReg.dat
[2010/04/16 17:24:33 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL
[2009/12/18 07:38:05 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll
[2009/11/04 13:09:27 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/10/25 10:58:05 | 000,000,095 | ---- | C] () -- C:\Users\Andreas\AppData\Local\fusioncache.dat
[2009/09/24 11:34:10 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/09/24 06:26:38 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 06:26:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/24 06:25:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/19 05:17:51 | 000,019,968 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 10:17:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2009/08/04 10:17:47 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2009/06/03 19:37:08 | 000,097,713 | R--- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/06/03 18:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/06/03 18:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/05/30 08:16:28 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009/05/29 11:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 11:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/27 03:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/04/06 16:33:45 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI
[2009/04/05 11:05:37 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/01/30 08:31:36 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/01/30 08:31:36 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/01/30 08:31:36 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/01/30 08:24:43 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/08/20 15:43:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/20 05:39:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/18 14:08:26 | 000,000,374 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/18 13:05:28 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/08/15 05:39:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008/08/15 05:39:10 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2008/08/15 05:39:10 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/08/15 05:19:41 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BelkinInsDrvZD.dll
[2008/08/15 05:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2008/08/15 05:19:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox9x.exe
[2008/08/15 05:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinUnplugMessageBox.exe
[2008/08/15 05:19:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\BelkinPlugMessageBox.exe
[2008/08/13 04:13:06 | 001,723,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/08/13 04:11:57 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2008/08/13 04:11:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/08/13 04:11:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 07:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/03/05 03:10:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL
[2007/03/05 03:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE
[2007/02/05 15:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/10/04 11:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL
[2002/08/13 11:04:12 | 000,217,088 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe
[1933/10/17 04:19:52 | 007,254,894 | ---- | C] () -- C:\Windows\SysWow64\speed.exe
[1933/10/17 04:19:52 | 000,380,928 | R--- | C] () -- C:\Windows\SysWow64\server.dll
========== LOP Check ==========
[2011/08/06 14:52:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Azureus
[2010/07/19 06:05:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bioshock
[2009/04/10 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe_Limited
[2009/12/13 08:46:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/03/13 09:49:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CPUControl
[2008/08/18 13:36:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools
[2009/04/10 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DeepBurner
[2009/06/12 07:24:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\hdbADS
[2010/03/10 12:00:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2010/06/15 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010/06/15 13:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009/07/08 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade
[2010/07/01 01:59:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade Warband
[2009/06/12 07:24:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MrJobs
[2010/03/16 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Music Recognition
[2010/10/20 13:11:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer
[2011/01/29 14:30:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera
[2010/10/24 17:48:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking
[2009/03/10 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\The Creative Assembly
[2010/11/21 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2008/08/27 05:48:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011/06/15 11:15:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Turbine
[2011/03/01 13:35:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011/05/15 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\uqm
[2009/10/25 06:57:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VistaCodecs
[2010/07/26 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\WB Games
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/10/12 09:06:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus
[2010/10/26 13:11:11 | 000,000,000 | ---D | M] -- C:\ProgramData\BioWare
[2008/11/02 16:35:01 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010/09/23 11:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/04/10 09:53:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/07/23 12:07:36 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/08/09 06:16:24 | 000,000,000 | ---D | M] -- C:\ProgramData\MoTeC
[2009/07/08 16:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2008/10/29 18:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/03/01 13:35:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009/10/25 06:57:42 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2008/08/15 04:32:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/11/03 06:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/08/13 04:14:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/02/07 12:07:29 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011/08/06 18:22:34 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/06 11:26:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AAC9CB54-4DEE-43C7-9291-CF5B1E98A3A1}.job
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 8/7/2011 12:36:47 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 18000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 579.76 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive D: | 122.28 Mb Total Space | 94.59 Mb Free Space | 77.36% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F5 D8 3F EA 20 3D CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Andreas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
< End of report >
Gruß theBeGinner |
| Themen zu Bundespolizei Virus |
| 64-bit, antivir, autorun, avira, bho, boot-cd, browser, bundespolizei virus, c:\windows\system32\rundll32.exe, cdburnerxp, defender, desktop, error, explorer, firefox, format, helper, home, install.exe, logfile, mozilla thunderbird, nvidia, object, plug-in, reatogo, recycle.bin, registry, rundll, scan, sched.exe, security, shell32.dll, shortcut, software, sptd.sys, start menu, stick, temp, virus, vista |
Baum-Darstellung