Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
BKA-Virus 1.03 OTL Logfile

BKA-Virus 1.03 OTL Logfile


Log-Analyse und Auswertung: BKA-Virus 1.03 OTL Logfile

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 02.04.2012, 16:16   #1
zergenau
 
BKA-Virus 1.03 OTL Logfile - Standard

BKA-Virus 1.03 OTL Logfile


Hallo zusammen,

gestern hats mich erwischt. Laut bka-trojaner.de habe ich Version 1.03 auf meinem Rechner. Nach dem Neustarten im abgesicherten Modus fand ich im Systemstart eine chl08.exe Datei. Ich glaube, dass dies der Übeltäter ist.

Habe mich durch die Anleitung von hxxp://www.redirect301.de/bundespolizei-trojaner-entfernen.html durchgehangelt, aber an Punkt 9 bleibe ich hängen, da ich die Explorer.exe nicht austauschen kann.

Habe ein Win 7 64 System auf dem neuesten Updatestand.

Habe einen kompletten Malwarebytesscan durchlaufen lassen, ohne nennenswerten Erfolg.


ich möchte euch nun meine otl logflies posten um ggf einen Check zu erbitten ob es auffälligkeiten gibt oder ich mein system als sicher bzw sauber betrachten kann - vielen dank im voraus:

Alt 03.04.2012, 20:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Virus 1.03 OTL Logfile - Standard

BKA-Virus 1.03 OTL Logfile


Zitat:
Habe einen kompletten Malwarebytesscan durchlaufen lassen, ohne nennenswerten Erfolg.
Ohne die Logs von Malwarebytes und Co wird das hier nichts.
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________

__________________
Alt 03.04.2012, 22:25   #3
zergenau
 
BKA-Virus 1.03 OTL Logfile - Standard

BKA-Virus 1.03 OTL Logfile


Neuer Versuch, mit Code tags. Hoffe, jetzt ist alles in Ordnung.
Danke für den Hinweis!


OTL Logfile
Code:
ATTFilter
OTL logfile created on: 02.04.2012 16:49:41 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\*****\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,98% Memory free
8,00 Gb Paging File | 6,22 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,90 Gb Total Space | 6,82 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 14,42 Gb Free Space | 14,42% Space Free | Partition Type: NTFS
Drive E: | 315,76 Gb Total Space | 40,90 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: ******-W7PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\**\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xjy9bgm0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko11\WINNT_x86-msvc\SSSLauncher.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (V0260VID) -- C:\Windows\SysNative\drivers\V0260Vid.sys (Creative Technology Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 10 85 50 92 06 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 16:37:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.24 10:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.03.30 21:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\xjy9bgm0.default\extensions
[2012.03.15 22:37:53 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\xjy9bgm0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.01.10 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJY9BGM0.DEFAULT\EXTENSIONS\{0FED7D55-65D4-47B6-A6DE-9A4ADB55355F}.XPI
() (No name found) -- C:\USERS\\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJY9BGM0.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
() (No name found) -- C:\USERS\\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJY9BGM0.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\USERS\\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJY9BGM0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJY9BGM0.DEFAULT\EXTENSIONS\LANGPACK-DE@CHATZILLA.MOZILLA.ORG.XPI
[2012.03.19 16:37:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.20 11:20:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.20 11:20:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.20 11:20:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.20 11:20:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.20 11:20:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.20 11:20:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Auto Copy = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg\2.1.0_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.8.3_0\
CHR - Extension: FacebookBlocker = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohbmkonphbnkadgpcpofdpjiopbbhdl\1.2.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.2.0_0\
CHR - Extension: Earthy = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa\1.0_0\
CHR - Extension: AdBlock = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: mP3 = C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejkbehfgdjjbpaijgahlfjpanfhmbpb\2.0_0\
CHR - Extension: Unannoying Facebook = C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphkbajimngabpbfbhkikplpdaohoe\1.2_0\
 
O1 HOSTS File: ([2011.08.03 21:16:15 | 000,002,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 41 more lines...
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - Startup: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8:64bit: - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8 - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EEEB86C-02AD-4AA6-B055-AC0848F29744}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72dc1cbd-870c-11e0-8f46-00e04da2703f}\Shell - "" = AutoRun
O33 - MountPoints2\{72dc1cbd-870c-11e0-8f46-00e04da2703f}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 16:44:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
[2012.04.02 07:50:36 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\backups
[2012.04.02 07:38:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\\Desktop\HiJackThis204.exe
[2012.04.01 22:32:10 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes
[2012.04.01 22:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.01 22:32:01 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.01 22:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.01 22:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.01 22:22:56 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.20 22:04:14 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Cracked
[2012.03.20 22:04:12 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\.minecraft
[2012.03.20 00:25:52 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\wand
[2012.03.18 21:23:10 | 000,000,000 | ---D | C] -- C:\Users\\Documents\Star Wars - The Old Republic
[2012.03.18 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\\Documents\HeroBlade Logs
[2012.03.15 22:38:21 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\FireShot
[2012.03.15 22:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012.03.14 08:56:47 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 08:56:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 08:56:45 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 08:53:41 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 08:53:20 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.03.14 08:53:20 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 08:53:20 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.14 08:53:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 08:53:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 08:53:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.08 15:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2012.03.06 00:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2012.03.04 18:30:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.03.04 18:30:37 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.03.04 18:30:37 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.03.04 18:30:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.03.04 18:30:36 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.03.04 18:30:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.03.04 18:30:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.03.04 18:30:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.03.04 18:30:35 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.03.04 18:30:35 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.03.04 18:30:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.03.04 18:30:34 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.03.04 18:30:34 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.03.04 18:30:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.03.04 18:30:33 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.03.04 18:30:33 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.03.04 18:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.03.04 18:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 16:44:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
[2012.04.02 16:31:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3841490545-2374242403-2905388123-1000UA.job
[2012.04.02 16:30:55 | 000,164,315 | ---- | M] () -- C:\Users\\Desktop\crayons in klebepistole gesteckt.jpg
[2012.04.02 16:29:53 | 000,059,927 | ---- | M] () -- C:\Users\\Desktop\img_5587.jpg
[2012.04.02 16:25:56 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 16:25:56 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 16:18:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 16:18:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 16:18:26 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 08:04:29 | 000,568,054 | ---- | M] () -- C:\Users\\Desktop\gSwai.jpg
[2012.04.02 08:03:39 | 000,230,075 | ---- | M] () -- C:\Users\\Desktop\AxbF4.jpg
[2012.04.02 08:01:58 | 000,770,963 | ---- | M] () -- C:\Users\\Desktop\6HMF3.jpg
[2012.04.02 07:59:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3841490545-2374242403-2905388123-1004UA.job
[2012.04.02 07:44:37 | 210,292,736 | ---- | M] () -- C:\Users\\Desktop\KWU_1.0.3.upd.iso
[2012.04.02 07:38:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\\Desktop\HiJackThis204.exe
[2012.04.02 07:35:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.02 07:32:56 | 033,450,172 | ---- | M] () -- C:\Users\\Desktop\0151-koss-zirkus-tom.mp3
[2012.04.01 23:33:36 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.01 23:33:36 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.01 23:33:36 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.01 23:33:36 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.01 23:33:36 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.01 22:32:02 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 22:22:56 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.01 22:22:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.01 20:03:23 | 000,076,298 | ---- | M] () -- C:\Users\\Desktop\button_ring_pillow.jpg
[2012.04.01 18:21:07 | 000,227,073 | ---- | M] () -- C:\Users\\Desktop\tumblr_lv3p3db7PQ1qiqxnqo1_500.png
[2012.04.01 14:59:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3841490545-2374242403-2905388123-1004Core.job
[2012.03.27 10:41:14 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3841490545-2374242403-2905388123-1000Core.job
[2012.03.19 00:06:59 | 000,001,458 | ---- | M] () -- C:\Users\\Desktop\Medien ab Okt.2011.rtf
[2012.03.16 11:28:40 | 000,000,689 | ---- | M] () -- C:\Users\\Desktop\Dropbox.lnk
[2012.03.14 20:33:37 | 004,883,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.03.07 02:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.02 16:30:54 | 000,164,315 | ---- | C] () -- C:\Users\\Desktop\crayons in klebepistole gesteckt.jpg
[2012.04.02 16:29:52 | 000,059,927 | ---- | C] () -- C:\Users\\Desktop\img_5587.jpg
[2012.04.02 08:04:28 | 000,568,054 | ---- | C] () -- C:\Users\\Desktop\gSwai.jpg
[2012.04.02 08:03:39 | 000,230,075 | ---- | C] () -- C:\Users\\Desktop\AxbF4.jpg
[2012.04.02 08:01:57 | 000,770,963 | ---- | C] () -- C:\Users\\Desktop\6HMF3.jpg
[2012.04.02 07:37:39 | 210,292,736 | ---- | C] () -- C:\Users\\Desktop\KWU_1.0.3.upd.iso
[2012.04.02 07:32:10 | 033,450,172 | ---- | C] () -- C:\Users\\Desktop\0151-koss-zirkus-tom.mp3
[2012.04.01 22:32:02 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 22:22:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.01 20:03:22 | 000,076,298 | ---- | C] () -- C:\Users\\Desktop\button_ring_pillow.jpg
[2012.04.01 18:26:02 | 000,227,073 | ---- | C] () -- C:\Users\\Desktop\tumblr_lv3p3db7PQ1qiqxnqo1_500.png
[2012.03.16 11:28:40 | 000,000,689 | ---- | C] () -- C:\Users\\Desktop\Dropbox.lnk
[2011.11.25 23:40:15 | 000,007,636 | ---- | C] () -- C:\Users\\AppData\Local\resmon.resmoncfg
[2011.10.29 12:29:04 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.27 20:30:01 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.09 18:28:49 | 000,000,094 | ---- | C] () -- C:\Users\Sandra\AppData\Local\fusioncache.dat
[2011.07.09 18:27:50 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.06 00:20:49 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 00:20:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.24 21:41:56 | 000,000,474 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\Poladroid prefs.plist
[2011.05.22 19:18:08 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.22 19:18:08 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.22 19:18:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.05.22 19:18:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.05.22 19:18:07 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== LOP Check ==========
 
[2012.03.20 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\.minecraft
[2012.03.20 21:18:51 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\.purple
[2011.08.06 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\AtomZombieData
[2011.08.06 14:32:51 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\Broken Rules
[2012.02.07 01:26:06 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\calibre
[2011.06.17 12:05:55 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.06.17 12:00:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.06 15:27:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Crayon Physics Deluxe
[2011.05.25 22:45:50 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\DAEMON Tools Lite
[2012.04.02 16:23:03 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Dropbox
[2011.06.19 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.15 22:38:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\FireShot
[2012.04.01 15:36:14 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\foobar2000
[2011.05.22 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Foxit Software
[2011.07.10 16:45:27 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\gtk-2.0
[2011.11.28 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\HD Tune Pro
[2011.07.01 00:32:38 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\IrfanView
[2011.08.06 14:44:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Lazy 8 Studios
[2011.05.25 11:35:15 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\MusicBrainz
[2011.11.01 23:16:33 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\OfficeRecovery
[2011.06.26 16:57:38 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\OpenOffice.org
[2011.06.17 12:36:08 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PACE Anti-Piracy
[2011.07.07 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PhotoScape
[2012.03.27 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\quassel-irc.org
[2012.02.17 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Quest3D
[2012.03.08 15:06:06 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\RIFT
[2012.01.11 13:33:00 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\runic games
[2011.07.23 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Softland
[2011.06.17 14:41:50 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.06.25 20:07:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\TeamViewer
[2011.07.03 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\The Path
[2012.01.02 23:23:42 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\TS3Client
[2011.07.04 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Ulead Systems
[2012.04.02 08:05:23 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\uTorrent
[2011.10.31 22:52:03 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Voxatron
[2011.11.09 01:23:30 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\WICreset
[2012.03.22 10:43:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1005 bytes -> C:\Users\\AppData\Local\Temp:m44jwKTUp5bL4ow1uNl2w

< End of report >

Extras
Code:
ATTFilter
OTL Extras logfile created on: 02.04.2012 16:49:41 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\****\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,98% Memory free
8,00 Gb Paging File | 6,22 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,90 Gb Total Space | 6,82 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 14,42 Gb Free Space | 14,42% Space Free | Partition Type: NTFS
Drive E: | 315,76 Gb Total Space | 40,90 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: *****-W7PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.10.04.00)
"doPDF 7 printer_is1" = doPDF 7.2 printer
"EPSON S21 Series" = EPSON S21 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C557D95-74B6-4AC2-9811-46F0441D6646}_is1" = InkReset version 2.16
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.0.4014
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7F92FF5F-C7EA-40BA-9481-02B6B4479C93}" = calibre
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.00.8048
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"DAEMON Tools Lite" = DAEMON Tools Lite
"foobar2000" = foobar2000 v1.1.6
"Foxit Reader" = Foxit Reader
"HD Tune Pro_is1" = HD Tune Pro 5.00
"HDD Health_is1" = HDD Health v3.3 Beta
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Semagic" = Semagic (remove only)
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Steam App 1250" = Killing Floor
"Steam App 12900" = Audiosurf
"Steam App 220" = Half-Life 2
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 55040" = Atom Zombie Smasher 
"Steam App 630" = Alien Swarm
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VisiPics_is1" = VisiPics V1.30
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"SOE-DC Universe Online Live" = DC Universe Online Live
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2012 11:26:41 | Computer Name = *****-W7PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 01.04.2012 21:37:43 | Computer Name = ****+-W7PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 01.04.2012 16:08:07 | Computer Name = *****-W7PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.04.2012 16:08:07 | Computer Name = *****-W7PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 01.04.2012 16:08:07 | Computer Name =****+-W7PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.04.2012 16:08:07 | Computer Name = *****-W7PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.04.2012 16:08:07 | Computer Name = ****-W7PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.04.2012 16:08:07 | Computer Name = *****-W7PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  aswRdr  aswSnx  aswSP  aswTdi  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx
Wanarpv6
WfpLwf
 
Error - 01.04.2012 22:46:45 | Computer Name = *****-W7PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 01.04.2012 22:46:45 | Computer Name = ****-W7PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 01.04.2012 22:46:46 | Computer Name = *****-W7PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 01.04.2012 22:46:46 | Computer Name = ****-W7PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
 
< End of report >
Malewarebytes log
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-W7PC [Administrator]

Schutz: Aktiviert

01.04.2012 22:39:55
mbam-log-2012-04-01 (22-39-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 607510
Laufzeit: 4 Stunde(n), 28 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\****\Desktop\Adobe.All.Products.v1.10.Updated.20.JUNE.2011.Keymaker.ONLY-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\Adobe.All.Products.v1.10.Updated.20.JUNE.2011.Keymaker.ONLY-CORE\Keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\JDownloads\00 Programme\MasterCollection_CS5_5_LS4\Crack\adobemasterkeygen55.exe (Trojan.Agent.ck) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________
Alt 04.04.2012, 11:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA-Virus 1.03 OTL Logfile - Standard

BKA-Virus 1.03 OTL Logfile


Zitat:
C:\Users\****\Desktop\Adobe.All.Products.v1.10.Updated.20.JUNE.2011.Keymaker.ONLY-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\Adobe.All.Products.v1.10.Updated.20.JUNE.2011.Keymaker.ONLY-CORE\Keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Illegale Keygens disqualifizieren dich für eine Bereinigung

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu BKA-Virus 1.03 OTL Logfile
abgesicherten, anleitung, austauschen, bleibe, check, erbitte, explorer.exe, gen, hallo zusammen, hängen, komplette, logfile, modus, nenne, neues, neueste, neustarten, poste, posten, sauber, systemstart, updates, version, win, zusammen


« Abnow entfernen ohne Windows-Neuinstallation | Trojan.Agent/Gen-Autoit auf Ext. Backup HDD »


Ähnliche Themen: BKA-Virus 1.03 OTL Logfile


  1. BKA Virus entfernt - OTL Logfile
    Log-Analyse und Auswertung - 05.03.2013 (15)
  2. GEMA Virus // Logfile fix
    Log-Analyse und Auswertung - 27.04.2012 (24)
  3. HDD Smart Virus Malware Logfile
    Log-Analyse und Auswertung - 22.04.2012 (11)
  4. BKA Virus 1.09 - OTL Logfile Auswertung
    Log-Analyse und Auswertung - 05.04.2012 (29)
  5. Bka-virus otl logfile
    Log-Analyse und Auswertung - 04.04.2012 (18)
  6. BKA-Virus Logfile
    Log-Analyse und Auswertung - 01.04.2012 (1)
  7. Gema Virus - Logfile
    Log-Analyse und Auswertung - 01.04.2012 (3)
  8. 50 € Virus OTL logfile
    Log-Analyse und Auswertung - 15.03.2012 (3)
  9. GMER Logfile - Java Virus?
    Log-Analyse und Auswertung - 21.11.2011 (21)
  10. BKA Virus incl. OTL Logfile
    Log-Analyse und Auswertung - 15.06.2011 (9)
  11. HiJackThis LogFile - Virus auf dem Laptop?
    Log-Analyse und Auswertung - 28.05.2010 (4)
  12. Hijackthis Logfile - Virus???
    Log-Analyse und Auswertung - 24.07.2008 (1)
  13. habe virus - mein logfile...
    Log-Analyse und Auswertung - 29.05.2008 (6)
  14. Virus im MSN - Logfile
    Log-Analyse und Auswertung - 21.02.2008 (1)
  15. logfile nach virus?
    Log-Analyse und Auswertung - 16.09.2007 (18)
  16. Trojaner/Virus? (mit Logfile)
    Log-Analyse und Auswertung - 23.05.2006 (3)
  17. Virus Warnung von AVG : stubinstaller... Logfile
    Log-Analyse und Auswertung - 30.10.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA-Virus 1.03 OTL Logfile - Hallo zusammen, gestern hats mich erwischt. Laut bka-trojaner.de habe ich Version 1.03 auf meinem Rechner. Nach dem Neustarten im abgesicherten Modus fand ich im Systemstart eine chl08.exe Datei. Ich glaube, - BKA-Virus 1.03 OTL Logfile...
Archiv
Du betrachtest: BKA-Virus 1.03 OTL Logfile auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131