Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojan.Generic.KD.520712 oder ähnlich

Trojan.Generic.KD.520712 oder ähnlich


Plagegeister aller Art und deren Bekämpfung: Trojan.Generic.KD.520712 oder ähnlich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.01.2012, 16:23   #1
Wargar
 
Trojan.Generic.KD.520712 oder ähnlich - Standard

Trojan.Generic.KD.520712 oder ähnlich


Moin moin. :-)

Ich hege seit heute 0445 den Verdacht, eben jenen im Titel genannten Trojan.Generic.KD.520712 auf meiner Platte zu haben. Dazu kam es durch das Besuchen einer Unterseite von unzensiertinformiert.de.
Die dazugehörige Datei sitzt in /Temp/TMP1 und hat sich auch gleich in den Autostart eingeschrieben, das Systemstartelement ist in msconfig mit kyrillischen Zeichen angegeben. Auf virustotal wird diese Datei von bisher 9 (waren vor 10 Stunden noch 4) Antivirusanbietern als Trojaner oder anderer Schädling identifiziert (virustotal.com tinyurl: hxxp://tinyurl.com/79j987p).
Das einzige, was diese Datei bisher bewirkte, war das Öffnen einer notepad.exe, welche die explorer.exe beendete. Dies war etwa 10 Sekunden nach dem Klicken auf den Link (welche ich übrigens über Google fand) . Die gewünschte Seite wurde dabei nicht angezeigt. Ebenfalls konnte ich die vor dem Beenden der explorer.exe laufenden Programme nicht wieder in den Vordergrund holen, die geöffnete Youtubeplaylist lief weiter.

Hier die OTL.txt:
Code:
ATTFilter
OTL logfile created on: 27.01.2012 06:15:53 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Alles\André\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,15% Memory free
6,00 Gb Paging File | 4,81 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 16,60 Gb Total Space | 0,08 Gb Free Space | 0,48% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 81,23 Gb Free Space | 20,79% Space Free | Partition Type: NTFS
Drive E: | 58,44 Gb Total Space | 54,05 Gb Free Space | 92,49% Space Free | Partition Type: NTFS
 
Computer Name: ANDRÉ-PC | User Name: André | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.27 06:12:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Alles\André\Downloads\OTL.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- D:\Alles\André\Avira\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- D:\Alles\André\Avira\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- D:\Alles\André\Avira\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.07.28 22:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.05 17:38:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Alles\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.04.16 17:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Disabled | Stopped] -- D:\Alles\Programme\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 23:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Disabled | Stopped] -- D:\Alles\Programme\xampp\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.12.19 23:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- D:\Alles\Programme\xampp\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
SRV - [2009.12.19 23:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- D:\Alles\Programme\xampp\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Alles\André\Avira\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Alles\André\Avira\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.07.28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 21:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.04.12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.03.22 23:30:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.05.07 12:56:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.23 13:46:07 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.04.23 13:46:07 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.06 17:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.25 11:19:02 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007.04.23 14:21:16 | 000,269,824 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.12 16:35:10 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005.03.30 10:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\TVicPort.sys -- (TVicPort)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 6F C6 96 C4 D9 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Alles\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\André\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: D:\Alles\Firefox\components [2012.01.27 04:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: D:\Alles\Firefox\plugins [2011.12.21 13:30:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: D:\Alles\Firefox\components [2012.01.27 04:49:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: D:\Alles\Firefox\plugins [2011.12.21 13:30:17 | 000,000,000 | ---D | M]
 
[2010.03.01 21:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\André\AppData\Roaming\mozilla\Extensions
[2012.01.27 05:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\André\AppData\Roaming\mozilla\Firefox\Profiles\bvt20aha.default\extensions
[2010.06.21 11:43:39 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\André\AppData\Roaming\mozilla\Firefox\Profiles\bvt20aha.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09}
[2010.07.29 00:34:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\André\AppData\Roaming\mozilla\Firefox\Profiles\bvt20aha.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.06 10:49:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\André\AppData\Roaming\mozilla\Firefox\Profiles\bvt20aha.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.07.02 14:10:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\André\AppData\Roaming\mozilla\Firefox\Profiles\bvt20aha.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.27 05:08:47 | 000,000,947 | ---- | M] () -- C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\bvt20aha.default\searchplugins\icqplugin.xml
File not found (No name found) -- C:\USERS\ANDRé\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVT20AHA.DEFAULT\EXTENSIONS\{4B0A905D-B508-4574-8D12-B8FE120ACE09}
File not found (No name found) -- C:\USERS\ANDRé\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVT20AHA.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\ANDRé\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVT20AHA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\ANDRé\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVT20AHA.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
[2011.08.27 15:59:50 | 000,000,000 | ---D | M] (Java Console) -- D:\ALLES\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2010.06.13 18:56:09 | 000,000,875 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Alles\Programme\Javah\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Alles\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Alles\André\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] D:\Alles\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKCU..\Run: [Steam] D:\Alles\Programme\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\André\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33284A5D-490F-4338-811C-994FD0800A13}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60936B8B-53C7-4FC5-B9BA-C6415BE69839}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4245F4B-1956-47E0-8537-90B33DCE6A85}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e9a3d59-6270-11df-b4dc-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{1e9a3d59-6270-11df-b4dc-0021855ab891}\Shell\AutoRun\command - "" = J:\OblivionLauncher.exe
O33 - MountPoints2\{1fe3cff5-60db-11df-9708-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{1fe3cff5-60db-11df-9708-0021855ab891}\Shell\AutoRun\command - "" = I:\Torchlight_Setup.exe
O33 - MountPoints2\{231a2f11-5480-11e0-acfd-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{231a2f11-5480-11e0-acfd-0021855ab891}\Shell\AutoRun\command - "" = G:\Autoplay.exe
O33 - MountPoints2\{3716acb6-67f7-11df-b89e-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{3716acb6-67f7-11df-b89e-0021855ab891}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{46a69716-6fc4-11df-9df3-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{46a69716-6fc4-11df-9df3-0021855ab891}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{6dca0793-8e2d-11e0-b8e5-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{6dca0793-8e2d-11e0-b8e5-0021855ab891}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{88f83be3-2535-11df-b06a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{88f83be3-2535-11df-b06a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\0data\cbs.exe
O33 - MountPoints2\{e27be1e5-59cf-11df-95b9-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{e27be1e5-59cf-11df-95b9-0021855ab891}\Shell\AutoRun\command - "" = F:\AUTOSTARTER.EXE
O33 - MountPoints2\{e7bc4a1f-5edd-11df-86df-0021855ab891}\Shell - "" = AutoRun
O33 - MountPoints2\{e7bc4a1f-5edd-11df-86df-0021855ab891}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk - D:\Alles\Programme\DynDNS Updater\DynTray.exe - (Dynamic Network Services, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Smart Wizard Wireless Settings.lnk - D:\Alles\Netgear\Utility\WG111CFG.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^André^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.049986796397684996.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^André^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Alles\Programme\DaemonTools\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\Alles\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.27 04:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.01.27 04:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.01.20 20:11:37 | 000,000,000 | ---D | C] -- C:\Users\André\AppData\Roaming\Opera
[2012.01.20 20:11:37 | 000,000,000 | ---D | C] -- C:\Users\André\AppData\Local\Opera
[2012.01.20 20:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.01.16 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\André\AppData\Local\Rebellion
[2012.01.08 16:32:28 | 000,000,000 | ---D | C] -- C:\Users\André\Documents\Gothic3ForsakenGods
[2012.01.07 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.01.06 16:26:52 | 000,000,000 | ---D | C] -- C:\Users\André\Documents\Atari
[2012.01.06 16:26:52 | 000,000,000 | ---D | C] -- C:\Users\André\AppData\Roaming\Atari
[2012.01.06 16:26:52 | 000,000,000 | ---D | C] -- C:\Users\André\AppData\Local\Atari
[2011.12.28 17:44:06 | 000,000,000 | ---D | C] -- C:\Users\André\Desktop\Neuer Ordner
[2011.12.28 16:19:14 | 000,000,000 | ---D | C] -- C:\Users\André\Documents\Games for Windows - LIVE Demos
[2011.12.28 16:05:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.12.28 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.12.28 16:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 06:16:32 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 06:16:32 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 06:14:11 | 001,640,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.27 06:14:11 | 000,706,600 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.27 06:14:11 | 000,660,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.27 06:14:11 | 000,152,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.27 06:14:11 | 000,124,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.27 06:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 06:07:54 | 000,000,020 | ---- | M] () -- C:\Users\André\defogger_reenable
[2012.01.20 20:11:34 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.08 17:29:00 | 000,000,217 | ---- | M] () -- C:\Users\André\Desktop\Red Faction Guerrilla.url
[2012.01.06 18:03:15 | 000,000,215 | ---- | M] () -- C:\Users\André\Desktop\Portal 2.url
[2012.01.06 03:26:38 | 000,000,216 | ---- | M] () -- C:\Users\André\Desktop\The Chronicles of Riddick Assault on Dark Athena.url
[2012.01.01 18:43:21 | 000,000,217 | ---- | M] () -- C:\Users\André\Desktop\Section 8 Prejudice.url
[2011.12.30 16:28:55 | 000,000,217 | ---- | M] () -- C:\Users\André\Desktop\Machinarium.url
[2011.12.29 16:40:51 | 000,000,217 | ---- | M] () -- C:\Users\André\Desktop\Gothic 3 Forsaken Gods Enhanced Edition.url
[2011.12.28 20:23:36 | 000,000,217 | ---- | M] () -- C:\Users\André\Desktop\Dungeon Defenders.url
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.27 06:07:54 | 000,000,020 | ---- | C] () -- C:\Users\André\defogger_reenable
[2012.01.20 20:11:34 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.01.20 20:11:34 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.01.08 17:29:00 | 000,000,217 | ---- | C] () -- C:\Users\André\Desktop\Red Faction Guerrilla.url
[2012.01.06 18:03:15 | 000,000,215 | ---- | C] () -- C:\Users\André\Desktop\Portal 2.url
[2012.01.06 03:26:38 | 000,000,216 | ---- | C] () -- C:\Users\André\Desktop\The Chronicles of Riddick Assault on Dark Athena.url
[2012.01.01 18:42:49 | 000,000,217 | ---- | C] () -- C:\Users\André\Desktop\Section 8 Prejudice.url
[2011.12.30 16:28:55 | 000,000,217 | ---- | C] () -- C:\Users\André\Desktop\Machinarium.url
[2011.12.29 16:40:51 | 000,000,217 | ---- | C] () -- C:\Users\André\Desktop\Gothic 3 Forsaken Gods Enhanced Edition.url
[2011.12.28 20:23:15 | 000,000,217 | ---- | C] () -- C:\Users\André\Desktop\Dungeon Defenders.url
[2011.10.20 13:53:07 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.17 22:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.22 23:25:49 | 000,005,120 | ---- | C] () -- C:\Users\André\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.11.21 20:06:45 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.06.13 16:58:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.04.12 02:27:25 | 000,000,093 | ---- | C] () -- C:\Users\André\AppData\Local\fusioncache.dat
[2010.04.12 02:26:30 | 001,617,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.03.17 23:18:16 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.03.01 15:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.10.22 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\.minecraft
[2012.01.06 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Atari
[2010.05.18 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Audacity
[2011.09.12 23:47:25 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Black Sea Studios
[2011.03.22 23:31:37 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\DAEMON Tools Lite
[2011.09.13 23:15:22 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Dropbox
[2011.11.19 17:21:48 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\DVDVideoSoft
[2011.11.19 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.23 23:20:07 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\FileZilla
[2010.03.06 17:37:44 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\fofix
[2010.03.07 23:17:32 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\FOG Downloader
[2011.08.30 01:20:43 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\GetRightToGo
[2011.12.14 12:58:20 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Kalydo
[2010.05.25 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Leadertech
[2010.07.28 18:15:04 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\LolClient
[2010.12.09 23:07:19 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\OpenOffice.org
[2012.01.20 20:11:37 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Opera
[2010.05.16 18:04:30 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\runic games
[2011.03.29 19:58:36 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Subversion
[2011.01.27 12:37:31 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\TeamViewer
[2010.04.12 02:30:44 | 000,000,000 | ---D | M] -- C:\Users\André\AppData\Roaming\Turbine
[2012.01.26 11:52:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.03.01 14:42:50 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.03.01 14:42:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.23 17:25:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.20 20:11:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.27 04:55:32 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.03.01 14:42:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.01 14:42:38 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.18 02:11:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.14 17:55:10 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.18 19:04:22 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\SysNative\drivers\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 27.01.2012 06:15:53 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Alles\André\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,15% Memory free
6,00 Gb Paging File | 4,81 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 16,60 Gb Total Space | 0,08 Gb Free Space | 0,48% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 81,23 Gb Free Space | 20,79% Space Free | Partition Type: NTFS
Drive E: | 58,44 Gb Total Space | 54,05 Gb Free Space | 92,49% Space Free | Partition Type: NTFS
 
Computer Name: ANDRÉ-PC | User Name: André | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Alles\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2AF2EABE-CF18-CACB-E57C-A4902A3C36C8}" = AMD Media Foundation Decoders
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C9B2770-E66E-D289-56A0-95CFADA8EB26}" = AMD Catalyst Install Manager
"{45EF12B0-F531-4A2C-A1C0-6B1495698E30}" = TortoiseSVN 1.6.15.21042 (64 bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D77162FE-B7B2-8E1E-D80D-89DE6217DF13}" = AMD Drag and Drop Transcoding
"{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"UDK-b5674e21-9704-4312-9ec6-c34a6c5f20f5" = Dungeon Defense
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{16E43D5F-5296-4D53-B303-9D951AFE510F}" = Airline Tycoon Evolution
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}" = NETGEAR WG111 Software
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = Catalyst Control Center
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{7AF32AB1-CB97-11D4-9607-0050BA84F5F7}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = Mythos
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ABD3F7BD-02E6-9150-2D34-F9F3109FA466}" = Catalyst Control Center InstallProxy
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.11.00.812
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"7-Zip" = 7-Zip 9.20
"AaGeOn's Bumpmaft -R- Golden Spurs x64 1.00" = AaGeOn's Bumpmaft -R- Golden Spurs x64 1.00
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 1.5.0
"Age of Conan_is1" = Age of Conan: Unchained
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Atlantica Online" = Atlantica Online
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CesarFTP 0.99g_is1" = CesarFTP 0.99g
"Combat Arms EU" = Combat Arms EU
"Condition Zero" = Condition Zero
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"DynDNSUpdater" = DynDNS Updater
"FAKEFACTORY CM10V10.0" = FAKEFACTORY Cinematic Mod V10
"FileZilla Client" = FileZilla Client 3.2.7.1
"FLV Player" = FLV Player 2.0 (build 25)
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"G3QP231012008_is1" = Questpaket 4 Update 2 Deinstallation
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"MemSet_is1" = MemSet 3.6
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"Opera 11.60.1185" = Opera 11.60
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"S4Uninst" = Die Siedler IV
"Sacred_is1" = Sacred
"Security Task Manager" = Security Task Manager 1.8d
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"SpeedFan" = SpeedFan (remove only)
"Steam App 102600" = Orcs Must Die!
"Steam App 111400" = Bunch Of Heroes
"Steam App 12810" = Overlord II
"Steam App 200060" = Sacred 2: Fallen Angel (EU)
"Steam App 20500" = Red Faction: Guerrilla 
"Steam App 22230" = Rock of Ages
"Steam App 3730" = Aliens versus Predator Classic 2000
"Steam App 37600" = Windosill
"Steam App 40700" = Machinarium
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 620" = Portal 2
"Steam App 65600" = Gothic 3 Forsaken Gods Enhanced Edition
"Steam App 65800" = Dungeon Defenders
"Steam App 97100" = Section 8: Prejudice
"Steam App 98200" = Frozen Synapse
"Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
"Steam App 99810" = Bulletstorm
"SWFPlayer_is1" = SWFPlayer 2.6.2.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wrye Bash" = Wrye Bash
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Battle for Wesnoth 1.7.15-1.8rc1" = Battle for Wesnoth 1.7.15-1.8rc1
"Battle for Wesnoth 1.8.0" = Battle for Wesnoth 1.8.0
"Dropbox" = Dropbox
"Kalydo App RunesOfMagic" = RunesOfMagic
"KalydoPlayer" = Kalydo Player 4.03.00
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Runic Games Torchlight" = Torchlight
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2011 22:05:49 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:49 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:49 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:49 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:49 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:49 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:50 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:50 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:52 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.07.2011 22:05:52 | Computer Name = André-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 26.01.2012 06:52:50 | Computer Name = André-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TVicPort
 
Error - 26.01.2012 11:54:35 | Computer Name = André-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.01.2012 19:19:32 | Computer Name = André-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\TVicPort.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 26.01.2012 19:19:50 | Computer Name = André-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TVicPort
 
Error - 27.01.2012 00:19:02 | Computer Name = André-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.01.2012 00:20:09 | Computer Name = André-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\TVicPort.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 27.01.2012 00:20:27 | Computer Name = André-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TVicPort
 
Error - 27.01.2012 01:08:07 | Computer Name = André-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.01.2012 01:08:44 | Computer Name = André-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\TVicPort.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 27.01.2012 01:09:01 | Computer Name = André-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TVicPort
 
 
< End of report >
Im Voraus schon mal .

Grüße, Wargar

Alt 29.01.2012, 19:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Generic.KD.520712 oder ähnlich - Standard

Trojan.Generic.KD.520712 oder ähnlich


Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________

__________________
Antwort

Themen zu Trojan.Generic.KD.520712 oder ähnlich
64-bit, 7-zip, adblock, avira, bho, black, converter, desktop, error, fehler, firefox, google, helper, homepage, iexplore.exe, install.exe, langs, league of legends, logfile, mp3, nvidia update, object, pando media booster, plug-in, popup, realtek, registry, required, scan, schädling, security, security update, sekunden, software, trojaner, virus, virustotal.com, webcheck, windows


« Win32.Agent.bb | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert »


Ähnliche Themen: Trojan.Generic.KD.520712 oder ähnlich


  1. Trojan.GenericKD.2269178 (B) + Trojan.Generic.13051484 (B) + Trojan.Generic.12905642 (B)
    Log-Analyse und Auswertung - 10.04.2015 (12)
  2. Ich habe einen Kredit im Schlaf abgeschlossen. Oder so ähnlich.
    Diskussionsforum - 29.01.2014 (6)
  3. Trojan.Sirefef.MC und Trojan.Generic.8253580 lassen sich nicht entfernen!
    Log-Analyse und Auswertung - 23.02.2013 (9)
  4. Trojan.Tdss-7762 und Trojan.Generic.FakeAV.WKA unter Vista
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (20)
  5. Virenfund Trojan.Generic.7552386 und Trojan.Sirefef.FY nach GVU-Befall
    Log-Analyse und Auswertung - 03.08.2012 (15)
  6. Gen: Trojan.Heur.GM.01E0000002 und Trojan.Generic.4033639 von BitDefender Internet Security 2011 gef
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (1)
  7. Kaspersky und Train Simulator: train.exe mit Trojan.generic infiziert oder Failure Alert?
    Antiviren-, Firewall- und andere Schutzprogramme - 13.09.2010 (1)
  8. Trojan Win32 Generic BT noch vorhanden oder sicher gelöscht?
    Log-Analyse und Auswertung - 15.08.2010 (1)
  9. Vista lahm, G-Data findet Trojan.Generic ... Nero schuld oder Virus/Malware?
    Log-Analyse und Auswertung - 14.02.2010 (3)
  10. Sauber oder nicht (Trojan.Generic/Backdoor.Win32.Agent.afqs)
    Plagegeister aller Art und deren Bekämpfung - 21.04.2009 (0)
  11. DNS aus Odessa, oder so ähnlich?!
    Log-Analyse und Auswertung - 19.01.2009 (4)
  12. Virus oder ähnlich auf meinem Rechner
    Log-Analyse und Auswertung - 27.09.2008 (19)
  13. Hilfe bitte11 virus oder ähnlich!!!
    Mülltonne - 31.07.2008 (2)
  14. MSN Virus oder ähnlich bitte helfen
    Plagegeister aller Art und deren Bekämpfung - 01.07.2007 (3)
  15. habe ein problem mit einem trojaner, isomini.exe oder so ähnlich -kenn mich nicht aus
    Log-Analyse und Auswertung - 13.04.2007 (2)
  16. wintems.exe oder ähnlich....
    Log-Analyse und Auswertung - 09.01.2007 (1)
  17. Antivir findet Swizzor oder so ähnlich...
    Plagegeister aller Art und deren Bekämpfung - 05.12.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojan.Generic.KD.520712 oder ähnlich - Moin moin. :-) Ich hege seit heute 0445 den Verdacht, eben jenen im Titel genannten Trojan.Generic.KD.520712 auf meiner Platte zu haben. Dazu kam es durch das Besuchen einer Unterseite von - Trojan.Generic.KD.520712 oder ähnlich...
Archiv
Du betrachtest: Trojan.Generic.KD.520712 oder ähnlich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55