|
Log-Analyse und Auswertung: BundesPolizei Trojaner zum teil entferntWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.12.2011, 01:46 | #1 |
| BundesPolizei Trojaner zum teil entfernt hallo liebes trojaner board :d auch ich bin opfer "dieses bundespolizei trojaner" geworden. durch hilfe eines freundes konnte ich den trojaner entfernen, alaso jedenfalls die exe. bekomme jetzt bei jedem start die meldung das das programm nicht gestartet werden kann. ( da ich die exe ja gelöscht habe ) ich habe auch schon "srep.exe" und "OTL.exe" drüberlaufen lassen, hier die ergebnisse daraus: OTL.exe OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.12.2011 01:07:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 73,32% Memory free 8,00 Gb Paging File | 6,85 Gb Available in Paging File | 85,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,59 Gb Total Space | 12,59 Gb Free Space | 21,49% Space Free | Partition Type: NTFS Drive D: | 174,28 Gb Total Space | 153,01 Gb Free Space | 87,80% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 137,71 Gb Free Space | 14,78% Space Free | Partition Type: NTFS Computer Name: *** | User Name: Kai | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kai\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\Mouse\Amoumain.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mouse\Amoumain.exe () MOD - C:\Programme\Mouse\Amoures.dll () MOD - C:\Windows\SysWOW64\Amhooker.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (lxcg_device) -- C:\Windows\SysNative\lxcgcoms.exe ( ) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DAUpdaterSvc) -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxcg_device) -- C:\Windows\SysWow64\lxcgcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\drivers\Amusbx64.sys (A4Tech Co.,Ltd.) DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\drivers\Amfltx64.sys ((Standard mouse types)) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (EMSUSB2) -- C:\Windows\SysWOW64\drivers\Emsusb2.sys () DRV - (PDNMp50) -- C:\Windows\SysWOW64\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\Windows\SysWOW64\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 8F 80 E4 E6 46 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997 FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1 FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9 FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6 FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 23:06:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.14 11:41:43 | 000,000,000 | ---D | M] [2010.06.28 18:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2011.11.27 13:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c5rxebyi.default\extensions [2011.11.10 13:55:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c5rxebyi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.29 21:32:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\c5rxebyi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.11.18 22:54:12 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c5rxebyi.default\extensions\redshift_V2@shift-themes.com [2011.11.10 13:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\KAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5RXEBYI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.09 23:06:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.28 12:00:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.28 12:00:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.28 12:00:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.28 12:00:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.28 12:00:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.28 12:00:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [WheelMouse] C:\Programme\Mouse\Amoumain.exe () O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.4.16.0.cab (SysInfo Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{202D2394-2D12-4779-B4F4-54D43C19BFF6}: NameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.28 18:34:05 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1533a9c0-28d4-11e0-80ec-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1533a9c0-28d4-11e0-80ec-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^watchmi tray.lnk - C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe - (Acresso Software Inc.) MsConfig:64bit - StartUpFolder: C:^Users^Kai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk - C:\PROGRA~2\Hamachi\hamachi.exe - (LogMeIn Inc.) MsConfig:64bit - StartUpFolder: C:^Users^Kai^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig:64bit - StartUpReg: ChangeFilterMerit - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.) MsConfig:64bit - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: InstallShieldSetup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LXCGCATS - hkey= - key= - File not found MsConfig:64bit - StartUpReg: lxcgmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.) MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: OfficeSyncProcess - hkey= - key= - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) MsConfig:64bit - StartUpReg: Presto! PVR Monitor - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - E:\Games\Steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: Uninstall Adobe Download Manager - hkey= - key= - C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.03 00:43:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kai\Desktop\OTL.exe [2011.11.28 22:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2011.11.26 19:44:04 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\HeroBlade Logs [2011.11.14 18:56:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech [2011.11.14 18:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2011.11.14 18:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2011.11.14 18:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2011.11.14 18:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2011.11.14 18:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2011.11.14 18:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2011.11.14 18:53:54 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Roaming\Logitech [2011.11.14 18:53:54 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Roaming\Logishrd [2011.11.12 14:57:39 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Local\Skyrim [2010.10.22 11:28:21 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2010.10.22 11:28:21 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2010.10.22 11:28:21 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2010.10.22 11:28:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2010.10.22 11:28:20 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2010.10.22 11:28:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2010.10.22 11:28:20 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2010.10.22 11:28:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2010.10.22 11:28:20 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2010.10.22 11:28:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2010.10.22 11:28:20 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2010.10.22 11:28:20 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2010.10.22 11:28:20 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2010.10.22 11:28:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2010.10.22 11:28:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.03 01:05:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.03 01:05:24 | 3220,566,016 | -HS- | M] () -- C:\hiberfil.sys [2011.12.03 01:02:58 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 01:02:58 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 01:00:54 | 001,628,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.03 01:00:54 | 000,702,470 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.03 01:00:54 | 000,657,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.03 01:00:54 | 000,150,166 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.03 01:00:54 | 000,122,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.03 00:57:37 | 000,126,967 | ---- | M] () -- C:\Users\Kai\Desktop\103010-trojaner-fake-polizeisperre-entfernen.html [2011.12.03 00:43:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kai\Desktop\OTL.exe [2011.12.02 23:45:38 | 000,754,674 | ---- | M] () -- C:\Users\***\Desktop\srep.exe [2011.12.02 22:14:26 | 000,001,037 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.33872318465428.exe.lnk [2011.11.28 01:15:23 | 000,002,518 | ---- | M] () -- C:\Users\***\Documents\cc_20111128_011518.reg [2011.11.27 12:55:56 | 001,188,161 | ---- | M] () -- C:\Users\***\Desktop\CrystalDiskInfo4_1_3a.zip [2011.11.26 15:22:55 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.11.26 15:22:55 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.26 15:20:02 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.11.24 01:12:29 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.11.22 02:35:54 | 000,012,036 | ---- | M] () -- C:\Users\***\Documents\cc_20111122_023551.reg [2011.11.14 16:15:32 | 000,003,500 | ---- | M] () -- C:\Users\***\Documents\cc_20111114_161530.reg [2011.11.11 01:40:56 | 000,002,718 | ---- | M] () -- C:\Users\***\Documents\cc_20111111_014054.reg [2011.11.09 13:07:31 | 000,416,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.03 23:50:09 | 000,000,186 | ---- | M] () -- C:\Users\Kai\Documents\cc_20111103_235006.reg [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.03 00:57:36 | 000,126,967 | ---- | C] () -- C:\Users\***\Desktop\103010-trojaner-fake-polizeisperre-entfernen.html [2011.12.02 23:45:35 | 000,754,674 | ---- | C] () -- C:\Users\***i\Desktop\srep.exe [2011.12.02 22:14:26 | 000,001,037 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.33872318465428.exe.lnk [2011.11.28 01:15:20 | 000,002,518 | ---- | C] () -- C:\Users\***\Documents\cc_20111128_011518.reg [2011.11.27 12:55:40 | 001,188,161 | ---- | C] () -- C:\Users\***\Desktop\CrystalDiskInfo4_1_3a.zip [2011.11.22 02:35:53 | 000,012,036 | ---- | C] () -- C:\Users\***\Documents\cc_20111122_023551.reg [2011.11.14 16:15:31 | 000,003,500 | ---- | C] () -- C:\Users\***\Documents\cc_20111114_161530.reg [2011.11.11 01:40:55 | 000,002,718 | ---- | C] () -- C:\Users\***\Documents\cc_20111111_014054.reg [2011.11.03 23:50:08 | 000,000,186 | ---- | C] () -- C:\Users\***\Documents\cc_20111103_235006.reg [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.06.29 12:20:22 | 000,350,687 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.06.21 23:26:51 | 000,000,273 | ---- | C] () -- C:\Windows\vtmb.ini [2011.06.20 17:07:01 | 000,004,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg [2011.06.20 17:07:01 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini [2011.06.20 17:07:01 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini [2011.06.20 17:07:01 | 000,000,116 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini [2011.06.19 22:04:59 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.05.17 16:55:26 | 001,605,546 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.03 20:18:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.03.25 21:39:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.02.14 01:15:16 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini [2010.12.21 18:23:28 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.12.21 18:23:13 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.21 18:23:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.12.19 18:48:40 | 000,000,034 | ---- | C] () -- C:\Windows\WinBIN2ISO.INI [2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe [2010.11.15 16:06:35 | 000,000,632 | ---- | C] () -- C:\Windows\Sof2.INI [2010.10.22 11:28:21 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2010.10.22 11:28:21 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2010.10.11 23:27:37 | 000,000,027 | ---- | C] () -- C:\Windows\BlackIceLauncher.dat [2010.09.26 13:48:49 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2010.08.17 15:04:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2010.07.25 23:30:17 | 000,000,327 | ---- | C] () -- C:\Windows\SIERRA.INI [2010.07.09 21:03:22 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Amhooker.dll [2010.06.29 14:51:34 | 000,007,617 | ---- | C] () -- C:\Users\Kai\AppData\Local\resmon.resmoncfg [2010.06.29 14:48:09 | 001,581,056 | ---- | C] () -- C:\Windows\SysWow64\UsbPadCP.dll [2010.06.29 14:48:09 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\Usbpadff.dll [2010.06.29 14:47:25 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\drivers\Emsusb2.sys [2010.06.28 18:45:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2004.01.26 17:15:28 | 000,233,472 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe [2004.01.26 17:15:28 | 000,233,472 | R--- | C] () -- C:\Users\Kai\AppData\Roaming\MafiaSetup.exe ========== LOP Check ========== [2011.02.24 22:55:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple [2011.09.25 12:21:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\abgx360 [2010.08.20 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2011.05.05 10:51:07 | 000,000,000 | ---D | M] -- C:\Users\***i\AppData\Roaming\Armagetron [2010.09.28 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2011.09.04 19:32:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM [2010.12.20 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.11.13 02:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.06.22 14:01:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Day 1 Studios [2011.07.05 16:43:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org [2011.04.23 18:35:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2011.02.12 21:34:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.10.08 12:46:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hansenet [2011.06.16 22:13:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hi-Rez Studios [2010.12.20 23:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2011.11.14 18:56:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.12.18 11:39:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2011.03.15 18:15:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mupen64Plus [2011.09.26 21:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.08.22 14:39:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10 [2011.05.14 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ToMMTi-Systems [2011.02.12 11:27:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian [2011.11.21 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.04.03 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2011.06.09 12:47:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2011.11.26 11:30:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.06.30 22:05:07 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.02.22 19:20:22 | 000,000,000 | ---D | M] -- C:\210b2ce3fd3869d43456 [2011.03.25 21:36:45 | 000,000,000 | ---D | M] -- C:\ATI [2011.02.22 20:39:49 | 000,000,000 | -HSD | M] -- C:\Boot [2011.11.15 02:14:04 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.06.28 17:45:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.07.09 21:03:22 | 000,000,000 | ---D | M] -- C:\download [2010.07.08 17:22:41 | 000,000,000 | ---D | M] -- C:\drivers [2010.08.17 14:46:17 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.05.14 09:44:52 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.01.25 16:58:22 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.14 18:55:31 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.26 17:10:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.02 22:14:29 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.06.28 17:45:37 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.04 10:23:21 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.06.28 17:45:38 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.03 01:08:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.04.23 18:34:55 | 000,000,000 | ---D | M] -- C:\totalcmd [2011.07.06 23:13:40 | 000,000,000 | ---D | M] -- C:\Users [2011.12.02 22:32:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Extra.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.12.2011 01:07:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 73,32% Memory free 8,00 Gb Paging File | 6,85 Gb Available in Paging File | 85,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,59 Gb Total Space | 12,59 Gb Free Space | 21,49% Space Free | Partition Type: NTFS Drive D: | 174,28 Gb Total Space | 153,01 Gb Free Space | 87,80% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 137,71 Gb Free Space | 14,78% Space Free | Partition Type: NTFS Computer Name: KAI-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit) "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8F996E1A-AC6B-480B-BB99-C7470C3BAAD2}" = System Requirements Lab CYRI (64-bit) "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D237D67F-E77C-4D9E-AA66-8B7A821C215F}" = MFC RunTime files x64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Lexmark 2300 Series" = Lexmark 2300 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "sp6" = Logitech SetPoint 6.32 "Unlocker" = Unlocker 1.9.0-x64 "WheelMouse" = Smart-X7 7.80 "Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.13.71 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{035B3ABF-89B6-4964-8656-36CBE01F6C85}" = Red Faction "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition "{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000B8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8305}" = Grand Theft Auto IV "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) "{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX "{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.1 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium "{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm "{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "{CE2EECFE-3F41-49B3-A0CA-0076545703E2}" = Hybrid "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{DCD23E02-8797-4edd-9937-0309263AF4E9}_is1" = Vokaboly 3.43 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition "7-Zip" = 7-Zip 9.20 "abgx360" = abgx360 v1.0.5 "Alice" = Alice-Installationsdateien entfernen "Alice Software" = Alice Software 4.10.0 "Avidemux 2.5" = Avidemux 2.5 "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10 "Driver San Francisco" = Driver San Francisco "EAX Unified" = EAX Unified "Empire at War Forces of Corruption Mappack" = Empire at War Forces of Corruption Mappack 4.00 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "F.E.A.R. 3_is1" = F.E.A.R. 3 "GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition "GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "Guild Wars" = GUILD WARS "Hamachi" = Hamachi 1.0.3.0 "ImgBurn" = ImgBurn "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "JDownloader" = JDownloader "Kain 2" = Legacy of Kain: Soul Reaver "Little Fighter 2" = Little Fighter 2 version 2.0a "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "Sierra Utilities" = Sierra Utilities "Sniper Ghost Warrior Update 2_is1" = Sniper Ghost Warrior Update 2 "Sniper Ghost Warrior Update 3_is1" = Sniper Ghost Warrior Update 3 "Steam App 105600" = Terraria "Steam App 12120" = Grand Theft Auto: San Andreas "Steam App 1250" = Killing Floor "Steam App 1500" = Darwinia "Steam App 1510" = Uplink "Steam App 1520" = DEFCON "Steam App 1530" = Multiwinia "Steam App 17460" = Mass Effect "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 24980" = Mass Effect 2 "Steam App 29720" = Guild Wars "Steam App 3700" = Sniper Elite "Steam App 42910" = Magicka "Steam App 550" = Left 4 Dead 2 "Steam App 58520" = Blood Bowl: Legendary Edition "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy "Steam App 620" = Portal 2 "Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm "Steam App 97100" = Section 8: Prejudice "Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack "TIPP10_is1" = TIPP10 Version 2.1.0 "Totalcmd" = Total Commander (Remove or Repair) "Trillian" = Trillian "VLC media player" = VLC media player 1.1.11 "WinLauncherXP_is1" = WinLauncherXP 2.0.5 beta "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 9000 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7040 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7042 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 9002 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3028 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3058 Description = Error - 02.12.2011 05:17:18 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7010 Description = Error - 02.12.2011 19:14:09 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . [ Media Center Events ] Error - 11.10.2010 03:10:12 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 09:10:11 - Fehler beim Herstellen der Internetverbindung. 09:10:11 - Serververbindung konnte nicht hergestellt werden.. Error - 11.10.2010 03:10:39 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 09:10:17 - Fehler beim Herstellen der Internetverbindung. 09:10:17 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 02.12.2011 19:15:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 02.12.2011 19:15:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 02.12.2011 19:15:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 02.12.2011 19:15:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 02.12.2011 19:15:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 02.12.2011 19:15:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 02.12.2011 19:15:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 02.12.2011 19:15:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf Error - 02.12.2011 19:56:11 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 02.12.2011 20:05:58 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 < End of report > so ich hoffe ich habe alles richtig gemacht! :P Geändert von kaisn (03.12.2011 um 01:52 Uhr) |
03.12.2011, 01:54 | #2 |
| BundesPolizei Trojaner zum teil entfernt also in grunde muss ich jetzt nur noch die registry einträge loswerden. da ich beim start eben die fehlermeldung bekomme das diese trojaner exe net gestartet werden konnte.
__________________mfg kaisn |
03.12.2011, 01:57 | #3 |
| BundesPolizei Trojaner zum teil entfernt ach sorry hier noch der inhalt aus der shell.txt datei
__________________PHP-Code: Geändert von kaisn (03.12.2011 um 02:23 Uhr) |
03.12.2011, 02:38 | #4 |
| BundesPolizei Trojaner zum teil entfernt bitte entschuldigt mich da ich jetzt schon den 4. beitrag schreibe, möchte aber alles aktuell halten also ich habe spybot s&d installt und der hat einen registry eintrag als malware entdeckt, der dafür gesorgt hat das man den taskmanager nicht starten kann. und mit CCleaner habe ich den autostart von dem trojaner abgestellt, und bekomme daher auch die fehlermeldung nimmer das das programm nicht gestartet werden kann. also im grunde läuft der rechner wieder. falls ich was vergessen habe sagt es mir bitte. mfg kaisn |
03.12.2011, 13:29 | #5 |
| BundesPolizei Trojaner zum teil entfernt ok hier war der beitrag wohl falsch, habe ihn an richtiger stelle nochmal erstellt!! mfg kaisn |
Themen zu BundesPolizei Trojaner zum teil entfernt |
32-bit, 64-bit, 7-zip, adobe, bho, c:\windows\system32\rundll32.exe, crystaldiskinfo, disabletaskmgr, document, entfernen, error, excel.exe, explorer, fehler, firefox, flash player, format, grand theft auto, install.exe, ip-hilfsdienst, jdownloader, langs, locker, logfile, microsoft office word, microsoft security, nvidia update, object, plug-in, programm, realtek, registry, rundll, scan, security, security scan, senden, software, srep.exe, super, system error, teamspeak, total commander, trojaner, trojaner board, version=1.0, webcheck, windows |